Course Description

Micro Focus ArcSight Recon is a comprehensive SIEM log management tool and security analytics solution that eases compliance burdens and accelerates forensic investigation.

This course is a good starting point for a security analyst who is new to the ArcSight Recon product to learn the fundamentals, architecture, deployment and operationalization of Micro Focus® Recon. In this course, you learn how ArcSight Recon helps you centralize log management, hunt and defeat threats faster, report for compliance, store data at scale, and integrate with your security environment.

Audience/Job Roles

This course is intended for SOC Admins and Analysts, Incident Response Managers, SecOps architects, Threat Hunt Teams, and Security Analysts that monitor an organization's operations for internal security threats.

Course Objectives

Upon successful completion of this course, you should be able to:

  • Describe the concept of ArcSight Recon and log management in SIEM.
  • Describe Threat Hunting and the capabilities of ArcSight Recon.
  • Be familiar with basic use of the ArcSight Recon GUI and manage reports for compliance.
  • Perform Threat Hunting using Threat Intelligence and MITRE ATT&CK.
  • Be familiar with Saved Searches, Outliers and Messages.

Prerequisites/Recommended Skills

To be successful in this course, you should have the following prerequisites or knowledge:

  • Basic understanding of security operations, log management and containerization
  • Basic understanding of the ArcSight ecosystem
  • Basic understanding of the Unix operating system and commands, web technologies, and network concepts
  • An interest in cybersecurity and Threat Hunting
  • Completion of the SecOps Technical certification from the Partner Portal

Course Agenda

  • ArcSight Recon Concepts and Recon as a data lake
  • GUI Navigation, contents and Reports overview
  • Threat Hunting using Threat Intelligence
  • Threat Hunting using MITRE ATT&CK
  • Additional Saved Searches
  • Outliers
  • Messages

Course Schedule

The schedule for this week's session is 9 am to 1 pm CET, with the following details:

  • Tuesday and Wednesday - Mandatory Virtual Instructor Led Training from 9.00am to 1.00pm CET.
  • Thursday - Optional Live Q&A session with Instructor and Lab Practice.
  • Friday - Lab Practice.
  • Labs will be available 24x7, from Tuesday to Friday EOB, for hands-on practice.