ArcSight Logger 7.x Administration and Operations with Certified Expert Exam

Kód kurzu: LOG210

Táto časť nie je lokalizovaná

This course teaches you the essentials of the ArcSight Logger solution – both hardware and software – as well as giving you information on how to design a complete solution. This instructor-led training course will cover the core features of the ArcSight Logger solution as well as advanced features.

certifikovaní lektori

uznávané certifikácie

Široká ponuka technických
a soft skills kurzov

Skvelý zákaznicky

Prispôsobenie kurzov
presne na mieru

Termíny kurzov

Počiatočný dátum: Individuálny

Forma: Prezenčná/Virtuálna

Dĺžka kurzu: 5 dní

Jazyk: en/cz

Cena bez DPH: 2 400 EUR


Forma Dĺžka
Jazyk Cena bez DPH
Individuálny Prezenčná/Virtuálna 5 dní en/cz 2 400 EUR Registrovať
G Garantovaný kurz

Nenašli ste vhodný termín?

Napíšte nám o vypísanoe alternatívneho termínu na mieru.


Popis kurzu

Táto časť nie je lokalizovaná

This course teaches you the essentials of the ArcSight Logger solution – both hardware and software – as well as giving you information on how to design a complete solution. This instructor-led training course will cover the core features of the ArcSight Logger solution as well as advanced features.
This course also prepares you for the Logger certification exam. The exam is administered on the last day of the class and is a hands-on, performance-based exam.

Cieľová skupina

Táto časť nie je lokalizovaná

Security operators, Network operators

Štruktúra kurzu

Táto časť nie je lokalizovaná

1: Introduction to Logger
 Describe the basic features and functions of Logger
 Describe how different Logger models are used
 Explain how Logger processes event data
 Explain what CEF is and how it is used
2: Installing and Configuring Logger
 Install and configure Software Logger
 Describe how to update & uninstall Software Logger
 Initialize and configure a Logger appliance
 Log into the Logger browser interface
3: Navigating Logger

 List browser requirements for the Logger User Interface (UI)
 Describe functions accessible from each main tab of the Logger UI
 Navigate to specific topics within the Logger UI
 Use the Dashboards tab to graphically track basic Logger
system functions
4: Logger Configuration
 Use appropriate options on Configuration drop-down menu to access, configure, and verify Logger functions
 Configure a Peer Logger
 Access System Maintenance functions
5: Configuring Logger Event Input and Output
 Create, edit, and delete Receivers
 Manage devices and device groups
 Associate devices with device groups
 Associate storage rules with device and storage groups
 Create, edit, and delete ESM destinations and manage SSL certificates
 Create, edit, and delete Forwarders
6: System Admin Settings
 Locate and configure Logger Appliance Network settings
 Obtain audit log content and enable support login
 Perform system and license updates
 Mount and configure remote storage
 Generate and install signed certificates
 Enable CAC and/or FIPS 140-2 security
7: Managing Users and Groups
 Create user groups in Logger
 Assign user group privileges
 Edit and delete user groups
 Add users in Logger
 Assign users to groups
 Edit and delete users
 Specify global login, password, and authentication settings
8: Event Search

 Explain how (at a high level) Logger searches events
 Describe basic differences of how keyword, field-based, Regex, and pipeline searches are performed
 Enable peer Loggers for searching
 Use unified Search page to initiate any type of search
 Use auto-complete feature to save time during data entry
 Describe how search results are displayed
 Narrow your search interactively using displayed results
 Use wild cards in search queries
 Explain how indexing improves search performance
 Modify field indexing
9: Search Tools

 Use the Search Builder Tool as the common user interface to create any queries, in any combination with pipeline operators
 Customize and save field sets for customized results displays
 Apply constraints to a search
 Validate performance of a query using Search Analyzer
 Run a search query and analyze results
 Refine and rerun a search with the results display
 Rerun a search at regular intervals using Auto Update
 Describe the function of a static correlation
 Use the Live Event Viewer to display real time raw events
10: Filters, Saves Searches & Scheduled Alerts
 Save a query as a filter or a saved search, and retrieve it later
 Describe the different types of filters used in Logger
 Create, copy, edit, or delete a shared filter
 Create and use search group filters
 Run a saved search job
 Create a saved search alert
 Save search results to local Logger and retrieve them
 Change search parameters using Advanced Search Options
 Search Logger from the ArcSight ESM Console
11: Logger Dashboards
 Describe the types of panels on a Dashboard
 Describe built-in Dashboards
 Create and modify a Dashboard
12: Logger Reports

 Use Navigation Explorers to locate pre-defined and user

_x0002_created report resources
 Run a report using Run, Quick Run, or Run in Background and describe the differences
 Use time range, device/storage group, and peer logger constraints when running a report
 Run a report as a scheduled report job
 Publish or Email report results
 Use Report Category Filters (SysAdmin)
 Manage server properties and deploy report bundles (SysAdmin)
 Use the iPackager facility to create report bundles (SysAdmin)
13: Designing Reports

 Copy and save a customized report to your needs
 Use the facilities of the Adhoc Report Designer page to modify a report design
 Use the icons in header of a report display to edit its design
 Copy and save a customized report template to your needs
 Edit a report layout to adjust the fonts, colors, and arrangement you want
14: Generating Reports
 Create and edit a report query
 Explain differences between Logger search queries and Logger report queries
 Use the SQL Editor to construct report queries
 Customize query fields with hyperlinks, formatting, and formulas
 Group query fields for reports
 Specify mandatory filtering on pre-defined fields or user specified fields
 Create lookup values for field attributes
 Create and use parameters and parameter groups
15: Using and Designing Report Dashboards
 Modify the default home page for Reports to display a dashboard view
 Design a new report dashboard
 Configure and add Report and External Link widgets
 Change the layout and contents of a report dashboard
 Set preferences and views for report dashboards
 Delete report dashboards and dashboard elements
16: Alerts and Notifications
 Explain when and why alerts and notifications are generated
 Create and edit Alerts and Notifications
 Enable and disable Alerts and Notifications
 Search for and view Alerts
 Export Alerts for further analysis
17: Import, Export, Backup and Restore
 Backup and restore a Logger configuration
 Backup and restore reports and report definitions
 Export and import Logger Alerts, Dashboards, Filters, Parsers, Saved Searches, and Source Types
 Archive events for specific days, and schedule daily archiving
 Retrieve error and audit logs

Predpokladané znalosti

Táto časť nie je lokalizovaná

To be successful in this course, you should have the following prerequisites or knowledge:

  • Common network device functions such as routers, switches, and hubs.
  • TCP/IP functions such as CIDR blocks, subnets, addressing, and communications
  • Windows operating systems tasks such as installations, services, sharing, and navigation
  • Linux or Cent OS experience with shell command lines“

Potrebujete poradiť alebo upraviť kurz na mieru?

pruduktová podpora