LOG215 – ArcSight Logger Search and Reporting

Course code: LOG215

This two-day class covers how to search and run reports with ArcSight Logger. It includes a brief overview of ArcSight Logger, searching for events, using search tools, working with filters and saved searches, designing and generating reports, and designing report dashboards.

Course dates

Start date: On request

Format: In-person/Virtual

Course length: 2 days

Language: en/cz

Price excl. VAT: 1 448 EUR

Course description

Please note this course is a subset of the Logger Administration and Operations course. This course covers only the search and reporting modules from the Logger Administration and Operations course.

Target audience

System analysts who need to search and run reports using ArcSight Logger

Course structure

1: Introduction to Logger

 Describe the basic features and functions of Logger
 Describe how different Logger models are used
 Explain how Logger processes event data
 Explain what CEF is and how it is used

2: Event Search

 Explain how (at a high level) Logger searches events
 Describe the basic differences in how keyword, field-based, regex, and pipeline searches are performed
 Enable peer Loggers for searching
 Use the unified Search page to initiate any type of search
 Use the auto-complete feature to save time during data entry
 Describe how search results are displayed
 Narrow your search interactively using displayed results
 Use wildcards in search queries
 Explain how indexing improves search performance
 Modify field indexing

3: Search Tools

 Use the Search Builder Tool as the common user interface to create any query, in any combination with pipeline operators
 Customize and save field sets for customized results displays
 Apply constraints to a search
 Validate performance of a query using Search Analyzer
 Run a search query and analyze results
 Refine and rerun a search with the results display
 Rerun a search at regular intervals using Auto Update
 Describe the function of a static correlation
 Use the Live Event Viewer to display real time raw events

4: Filters, Saved Searches & Scheduled Alerts

 Save a query as a filter or a saved search, and retrieve it later
 Describe the different types of filters used in Logger
 Create, copy, edit, or delete a shared filter
 Create and use search group filters
 Change search parameters using Advanced Search Options
 Search Logger from the ArcSight ESM Console

5: Logger Dashboards

 Describe the types of panels on a Dashboard
 Describe built-in Dashboards
 Create and modify a Dashboard

6: Exploring Logger Reports

 Use Navigation Explorers to locate pre-defined and user-created report resources
 Run a report using Run, Quick Run, or Run in Background and describe the differences
 Use time range, device/storage group, and peer Logger constraints when running a report
 Run a report as a scheduled report job
 Publish or email report results
 Use Report Category Filters (SysAdmin)
 Manage server properties and deploy report bundles (SysAdmin)

7: Designing Reports

 Copy a report, customize it to your needs, and save it
 Use the facilities of the Adhoc Report Designer page to modify a report design
 Use the icons in the header of a report display to edit its design
 Copy a report template, customize it to your needs, and save it
 Edit a report layout to adjust the fonts, colors, and arrangement you want

8: Generating Reports

 Create and edit a report query
 Explain differences between Logger search queries and Logger report queries
 Use the SQL Editor to construct report queries
 Customize query fields with hyperlinks, formatting, and formulas
 Group query fields for reports
 Specify mandatory filtering on pre-defined fields or user-specified fields
 Create lookup values for field attributes
 Create and use parameters and parameter groups

9: Using and Designing Report Dashboards

 Modify the default home page for Reports to display a dashboard view
 Design a new report dashboard
 Configure and add Report and External Link widgets
 Change the layout and contents of a report dashboard
 Set preferences and views for report dashboards
 Delete report dashboards and dashboard elements

Prerequisites

  • Basic Logger knowledge or experience
  • Possible attack activities, such as scans, man in the middle, sniffing, DoS, and possible abnormal activities, such as worms, Trojans, and viruses
  • SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards
  • Basic Windows operating systems tasks and functions
