Course Description
This course provides you with techniques to proactively analyze and troubleshoot the ESM 7.0 Database and Manager to provide efficient services to your organization. This course shows you how to design and deploy hierarchical, fault-tolerant manager implementations, as well as integration strategies between ArcSight ESM and other ArcSight appliances such as Logger, Connector Appliance, Command Center, and the other ArcSight products.
Audience/Job Roles
This course is intended for Administrators who:
Install, maintain, and troubleshoot ESM components
Design and implement integrations between ArcSight ESM and other ArcSight appliances
Proactively investigate the health of the ESM CORRE environment
Course Objectives
Upon successful completion of this course, you should be able to:
Review ArcSight enterprise solutions
o Hierarchical, high availability and fail over capabilities DCC
Install multiple SmartConnectors to provide peer to peer and fail over connections
Configure a hierarchical multi-manager setup using the ArcSight forwarding connector
Configure ArcSight ESM CORRE to:
o Provide password lock out criteria
o Allow for larger log files
o Provide for single session logins
o Deploy a new ArcSight license
o Customize Console functionality
o Categorize specific network events
o Import assets using the Asset Import FLEX Connector
o Personalize the ArcSight Web interface
Review the Manager and Connector to troubleshoot your ArcSight environment
Prerequisites/Recommended Skills
To be successful in this course, you should have the following prerequisites or knowledge:
Common security devices such as IDS and firewalls
Common network device functions, such as routers, switches, and hubs
TCP/IP functions such as CIDR blocks, subnets, addressing, and communications
Basic Windows operating system tasks and functions
Possible attack activities, such as scans, man in the middle, sniffing, DoS, and possible abnormal activities, such as worms, Trojans, and viruses
SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards
Completed the ArcSight ESM Administrator and Analyst course, or have at least 6 months' experience administering ArcSight ESM
Learning Path
ArcSight Admin and Analyst
ArcSight Advanced Administrator CSE
Or
ArcSight Advanced Analyst CSE
And
ArcSight Logger
Course Outline
Introduction
Section 1: Describe Identity Manager
Section 2: Install the Identity Manager Engine
Section 3: Review iManager
Section 4: Configure eDirectory Rights
Section 5: Understand Designer for Identity Manager
Section 6: Install Drivers with Package Management
Section 7: Configure Utopia Employee HR SQL Driver
Section 8: Administer Identity Manager
Section 9: Use Analyzer
Section 10: Configure Identity Manager Drivers
Section 11: Manage Policies and Filters
Section 12: Use DSTrace
Section 13: Implement Identity Manager Password Synchronization
Course Prerequisites
It is recommended (although not required) that attendees are familiar with:
- LDAP
- XML
- Active Directory
- Linux Fundamentals