Course Description
Micro Focus ArcSight Intelligence behavioral analytics gives you a new lens through which to detect, investigate, and respond to threats that may be hiding in your enterprise—before your data is stolen. Intelligence uses advanced analytical models to measure behavior and to quantify risks. These models range from cluster models, which group together users and assets based on specific behavioral vectors, to volumetric anomaly models, rare activity models, and other higher-order models. Many different behavioral vectors are tracked and measured, which reduces the ability for malicious users or compromised accounts to "fake" normal behavior.
This course gives a security analyst who is new to the ArcSight Intelligence / Interset platform the opportunity to learn how to effectively leverage ArcSight Intelligence / Interset to identify high-risk users and entities and to understand internal threat scenarios. In this course, you learn how the ArcSight Interset dashboard can be used, how to utilize the controls provided for better threat analysis, how to use the navigation facilities and reporting features, how to explore the raw events that contribute to the risk scores, etc.
Audience/Job Roles
This course is intended for SOC Admins and Analysts, Incident Response Managers, SecOps architects, Threat Hunt Teams, and Security Analysts who monitor an organization's operations for internal security threats.
Course Objectives
Upon successful completion of this course, you should be able to:
- Understand analytics concepts in UEBA.
- Use ArcSight Intelligence/Interset as a UEBA platform.
- Explore the Dashboard facilities and features.
- Access the details of high-risk users, entities, and raw events.
- Be familiar with the reporting capabilities of Interset.
Prerequisites/Recommended Skills
To be successful in this course, you should have the following prerequisites or knowledge:
- Basic understanding of security operations, log management, and containerization.
- Basic understanding of the ArcSight ecosystem.
- Basic understanding of the Unix operating system and commands, web technologies, and network concepts.
- An interest in cybersecurity and threat hunting.
- Completion of the SecOps Technical certification from the Partner Portal.
Course Agenda
- Analytics Concepts in UEBA/ArcSight Intelligence
- Accessing ArcSight Interset for Dashboard and home page
- Understanding the Intelligence Dashboard – Explore Entities, Overall Risk and Raw Events Pages
- Anomalies and Violations Panel, deep dive into the timeline features
- Filters, Matrix of Anomalies and Violations, User Defined Tags
- Viewing Reports
- Sample UEBA use cases
Course Schedule
This week's sessions run from 9 am to 1 pm CET, with the following details:
- Tuesday and Wednesday - mandatory Virtual Instructor Led Training from 9.00am to 1.00pm CET.
- Thursday - Optional Live Q&A session with Instructor and Lab Practice
- Friday – Lab Practice.
- Labs will be available 24x7, from Tuesday to Friday EOB, for hands-on practice.