Course Description

This course is a good starting point for a security analyst who is new to the Interset UEBA product to learn the fundamentals of Micro Focus® Interset user and entity behavioral analytics (UEBA). In this course, you learn how Interset UEBA uses machine learning to distill billions of events into a prioritized list of high-quality security leads to focus and accelerate the efforts of your security operations center (SOC). Interset’s machine learning models, combined with a highly intuitive user interface (UI), accelerate threat detection and investigation from weeks to minutes. Interset UEBA produces high-quality threat leads, allowing your security teams to respond and remediate quickly and effectively.

This course includes hands-on lab exercises that take you through setup, installation, configuration and real-life scenarios that occur when internal security threats arise in your organization.

Audience/Job Roles

This course is intended for Incident Response Managers, Hunt Teams, and Security Analysts who monitor an organization's operations for internal security threats.

Course Objectives

Upon successful completion of this course, you should be able to:

  • Describe the concept of UEBA and internal threat management.
  • Recognize the components and capabilities of Interset UEBA.
  • Become familiar with the prerequisites, preparation, deployment and configuration of the Interset solution.
  • Understand how big data technology components are used in Interset to natively use unsupervised machine learning algorithms to discover new patterns and subsequently find new threats, enabling threat hunters, security practitioners, and security operations center (SOC) teams to effectively measure risk and choose a resource-efficient response.
  • Run data ingestion effectively to initiate internal threat hunting.
  • Perform analytics using the different analytical models available in Interset.
  • Use the GUI of Interset effectively and manage the risk scores: high-risk entities page, Explore page, Kibana for raw data, and various drill-downs and search mechanisms.

       

Course Topics

Modules

Objectives

Module 1: Introduction to Interset and UEBA

  • UEBA – Definition, Features and Components
  • Why Interset, its Strengths and Significances
  • Securing data – Complementary roles
  • Enterprise data protection and the right tool for the job
  • Analytics and Unsupervised machine learning
  • Threat Detection Use Cases
  • Common security operations patterns and common problems
  • Insider Risk - The “alert janitor” pyramid

 

Module 2: Interset - Big Data Architecture

  • Interset conceptual data flow
  • The analytical pipeline – overview
  • Interset’s Threat Detection Architecture
  • Interset’s AI-Enabled Threat Detection Platform
  • Big Data Components by role
  • Interset Cluster Components - Interset Components and Third-party Components
  • Interset node architecture - Node Details
  • Interset node architecture – Component Distributions
  • Interset component data flow - End-to-end and node data flow
  • Interset node architecture – Configuration

 

Module 3: Interset - Installation and Configuration

  • Architecture
  • High Level Installation Procedure
  • Installation
  • How to Start Interset after reboot
  • Management GUI Summary for Interset

 

Module 4: Interset - Data Ingest

  • Data Ingestion Process
  • Ingestion - Extracting Data, Transforming Data, Loading Data
  • Entities and Relations in Analytics
  • Ingestion - Data Validation
  • Extracting and Transforming Data with Apache NiFi
  • NiFi Configuration and Uploading the NiFi Template
  • Interset NiFi Templates and Canvas Groups
  • Configure Data Loading with Apache Flume
  • Data Loading Configuration
  • Flume Configuration in the Ambari GUI
  • Data Ingestion - Starting the Data Flow
  • Monitor Event Ingestion Process

         

Module 5: Interset - Analytical Pipeline and Running Analytics

  • Framing the insider risk problem
  • Anomaly detection with “unique normal”
  • Risk Score and determining probability
  • The Analytic Process - Interset Approach
  • An analytics perspective of data movement
  • Running Analytics
  • Verifying Ingested Data and exposing the schema
  • Accessing the OERMC table and Running the Analytics Script
  • Accessing Resource Manager for exposing Analytics Jobs
  • Accessing Spark2 UI for Analytical Job Status
  • Monitor the analytics process
  • Interset UI - Accessing the Pages for data
  • Accessing Kibana to access the raw data

 

Module 6: Working with Interset

  • GUI Walkthrough
  • Exploring the Overall Risk Score Page
  • Identifying the top risky entities with the Entities Page
  • Understanding the Matrix of Anomalies and Violations - Explore Page
  • Accessing Kibana to expose the raw data
  • Reports
  • Notifications and Alerts
  • User Management

 

 

 

 

 
