Štruktúra kurzu
Module 1: Introduction to ESM Administration
• Describe each ESM system component
Module 2: ESM Distributed Components
• Recognize where ESM fits within the ArcSight Architecture
• Define each ESM operation modes, Compact and Distributed, and the issues ESM Distributed Mode comes to solve
• Describe the ESM Distributed Mode components
• Recognize the ArcSight Data Platform (ADP) and its components
Module 3: Installing ESM Distributed Mode
• Plan System Hardware Requirements
• Check Operating System Pre-Installation
• Install ESM Persistor Node
• Install ESM Correlator Aggregator Node
• Configure Integration of the Persistor Node
• Add Correlator Aggregator Services
• Configure Message Bus Data and Control Instances from Persistor
• Configure Repository Instances from Persistor
• Configure Distributed Cache on Correlator Aggregators
• Run Cert Admin Approveall
• Start All Cluster Wide Services from Persistor Node
Module 4: Maintaining ESM Properties Files and Upgrades
• Customize ArcSight ESM using Properties File
• Prepare System for an Upgrade
• Upgrade ESM
• Upgrade the ESM Console
Module 5: Installing the ESM Console
• Install the ESM Console
• Customize the ESM Console
• Describe Tools available in the ESM Console
Module 6: Installing SmartConnectors
• Describe how Connectors collect, normalize, and cache events
• Install and configure ArcSight SmartConnectors
• Identify Connector Command Scripts
• Describe how Connectors can be managed from an ESM Console, a Connector Appliance,
or ArcSight Management Center
Module 7: Managing the Network Model
• List Network Model resources
• Describe Asset Model resources
• Add the following modelling resources:
• Assets
• Asset Ranges
• Zones
• Network and attach it to a connector
• Import Zone and Asset information with the Network Model wizard
• Explain the use of the Asset Import Connector
Module 8: Configuring SmartConnector Destinations
• Get SmartConnector Status
• Set SmartConnector Flow-Control
• Use SmartConnector Administrative Dashboards
• Configure SmartConnectors for Failover and Dual Destinations
Module 9: Installing the ESM Super and Syslog Connectors
• Installing and configure a Forwarding Connector
• Installing and configure a Syslog connector
Module 10: SmartConnectors Configurations and Advanced Features
• Configuring SmartConnectors using advanced features such as turbo mode, map files,
event filtering, network options and event aggregation
• Constructing advanced configuration settings for optimal performance and data enrichment
Module 11: Command Center
• Logging onto the ArcSight Command Center
• Identifying functions and navigate the User Interface
• Using the ArcSight Command Center Help Facility
• Configure:
• Authentication
• Content
• Storage
• Appliances
• Identifying stock content dashboards
Module 12: Accessing Administrator Content
• Reviewing Administrator Reports, Dashboards and Filters
• Running and Archiving Reports
• Using Administrator Data Monitors
Module 13: Content Management and Peering
• Peering ESMS
• Performing Peer Searches
• Creating Packages and Pushing content to a Peer
Module 14: ESM User Administration and Notification
• Creating Users and setting User Notifications
• Managing Resource Permissions
• Accessing and Modifying Password Properties
• Configuring ArcSight Notifications
Module 15: ESM Certification Management
• Describing uses of SSL technology in ArcSight ESM
• Describing SSL setup options
• Keytool/keytoolgui
• Certadmin
• Identifying the steps to deploy:
• Self-signed Certificates
• Approve/revoke distributed mode Certificates
• CA (Certificate Authority)-signed Certificates
Module 16: ESM Backup and Restore
• Restoring the ESM Manager’s configurations
• Backing up and restoring ESM
• Describing CORR-E Daily Job Archiving
