Course outline
1: Introduction to Logger
Describe the basic features and functions of Logger
Describe how different Logger models are used
Explain how Logger processes event data
Explain what CEF is and how it is used
2: Installing and Configuring Logger
Install and configure Software Logger
Describe how to update & uninstall Software Logger
Initialize and configure a Logger appliance
Log into the Logger browser interface
3: Navigating Logger
List browser requirements for the Logger User Interface (UI)
Describe functions accessible from each main tab of the Logger UI
Navigate to specific topics within the Logger UI
Use the Dashboards tab to graphically track basic Logger system functions
4: Logger Configuration
Use the appropriate options on the Configuration drop-down menu to access, configure, and verify Logger functions
Configure a Peer Logger
Access System Maintenance functions
5: Configuring Logger Event Input and Output
Create, edit, and delete Receivers
Manage devices and device groups
Associate devices with device groups
Associate storage rules with device and storage groups
Create, edit, and delete ESM destinations and manage SSL certificates
Create, edit, and delete Forwarders
6: System Admin Settings
Locate and configure Logger Appliance Network settings
Obtain audit log content and enable support login
Perform system and license updates
Mount and configure remote storage
Generate and install signed certificates
Enable CAC and/or FIPS 140-2 security
7: Managing Users and Groups
Create user groups in Logger
Assign user group privileges
Edit and delete user groups
Add users in Logger
Assign users to groups
Edit and delete users
Specify global login, password, and authentication settings
8: Event Search
Explain how (at a high level) Logger searches events
Describe basic differences of how keyword, field-based, Regex, and pipeline searches are performed
Enable peer Loggers for searching
Use the unified Search page to initiate any type of search
Use the auto-complete feature to save time during data entry
Describe how search results are displayed
Narrow your search interactively using displayed results
Use wild cards in search queries
Explain how indexing improves search performance
Modify field indexing
9: Search Tools
Use the Search Builder Tool as the common user interface to create any queries, in any combination with pipeline operators
Customize and save field sets for customized results displays
Apply constraints to a search
Validate performance of a query using Search Analyzer
Run a search query and analyze results
Refine and rerun a search with the results display
Rerun a search at regular intervals using Auto Update
Describe the function of a static correlation
Use the Live Event Viewer to display real time raw events
10: Filters, Saved Searches & Scheduled Alerts
Save a query as a filter or a saved search, and retrieve it later
Describe the different types of filters used in Logger
Create, copy, edit, or delete a shared filter
Create and use search group filters
Run a saved search job
Create a saved search alert
Save search results to the local Logger and retrieve them
Change search parameters using Advanced Search Options
Search Logger from the ArcSight ESM Console
11: Logger Dashboards
Describe the types of panels on a Dashboard
Describe built-in Dashboards
Create and modify a Dashboard
12: Logger Reports
Use Navigation Explorers to locate pre-defined and user-created report resources
Run a report using Run, Quick Run, or Run in Background and describe the differences
Use time range, device/storage group, and peer logger constraints when running a report
Run a report as a scheduled report job
Publish or Email report results
Use Report Category Filters (SysAdmin)
Manage server properties and deploy report bundles (SysAdmin)
Use the iPackager facility to create report bundles (SysAdmin)
13: Designing Reports
Copy and save a customized report to your needs
Use the facilities of the Adhoc Report Designer page to modify a report design
Use the icons in the header of a report display to edit its design
Copy and save a customized report template to your needs
Edit a report layout to adjust the fonts, colors, and arrangement you want
14: Generating Reports
Create and edit a report query
Explain differences between Logger search queries and Logger report queries
Use the SQL Editor to construct report queries
Customize query fields with hyperlinks, formatting, and formulas
Group query fields for reports
Specify mandatory filtering on pre-defined fields or user-specified fields
Create lookup values for field attributes
Create and use parameters and parameter groups
15: Using and Designing Report Dashboards
Modify the default home page for Reports to display a dashboard view
Design a new report dashboard
Configure and add Report and External Link widgets
Change the layout and contents of a report dashboard
Set preferences and views for report dashboards
Delete report dashboards and dashboard elements
16: Alerts and Notifications
Explain when and why alerts and notifications are generated
Create and edit Alerts and Notifications
Enable and disable Alerts and Notifications
Search for and view Alerts
Export Alerts for further analysis
17: Import, Export, Backup and Restore
Back up and restore a Logger configuration
Back up and restore reports and report definitions
Export and import Logger Alerts, Dashboards, Filters, Parsers, Saved Searches, and Source Types
Archive events for specific days, and schedule daily archiving
Retrieve error and audit logs