{"course":{"productid":33434,"modality":6,"active":true,"language":"en","title":"ArcSight-ESM-Advanced Analyst with Certified Expert Exam","productcode":"ESM320-76","vendorcode":"MF","vendorname":"OpenText","fullproductcode":"MF-ESM320-76","courseware":{"has_ekit":false,"has_printkit":true,"language":""},"url":"https:\/\/portal.flane.de\/course\/opentext-esm320-76","objective":"<p>Upon successful completion of this course, you should be able to:\n<\/p>\n<ul>\n<li>Navigate ArcSight ESM console and command center to correlate, investigate, analyze and remediate both exposed and obscure threats<\/li><li>Construct ArcSight variables to provide advanced analysis of the event stream<\/li><li>Develop ArcSight lists and rules to allow advanced correlation activities<\/li><li>Optimize event-based data monitors to provide real-time viewing of event traffic and anomalies<\/li><li>Design new report templates and create functional reports<\/li><li>Find events through the search tools<\/li><\/ul>","essentials":"<p>To be successful in this course, you should have the following prerequisites or knowledge:\n<\/p>\n<ul>\n<li>Common security devices such as IDS and firewalls<\/li><li>Common network device functions, such as routers, switches, and hubs<\/li><li>TCP\/IP functions such as CIDR blocks, subnets, addressing, and communications<\/li><li>Basic Windows operating system tasks and functions<\/li><li>Possible attack activities, such as scans, man in the middle, sniffing, DoS, and possible abnormal activities, such as worms, Trojans, and viruses<\/li><li>SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards<\/li><li>Completed the ArcSight ESM Administrator and Analyst course or 6 months experience administering ArcSight ESM<\/li><\/ul>","audience":"<p>This course is intended for analysts responsible for:\n<\/p>\n<ul>\n<li>Defining their organization&rsquo;s security objectives<\/li><li>Building or using advanced content to correlate, view and 
respond to those security objectives.<\/li><\/ul>","contents":"<ul>\n<li>Module 1: ESM Overview<\/li><li>Module 2: Command Center<\/li><li>Module 3: ArcSight Console<\/li><li>Module 4: Active Channels<\/li><li>Module 5: Filters<\/li><li>Module 6: Variable Customization<\/li><li>Module 7: Data Monitors and Dashboards<\/li><li>Module 8: ESM Lists<\/li><li>Module 9: ESM Rules<\/li><li>Module 10: Query Viewers Authoring<\/li><li>Module 11: ESM Reports<\/li><li>Module 12: Unified Event Search Tools<\/li><\/ul>","outline":"<p>Module 1: ESM Overview\n<\/p>\n<ul>\n<li>Identify ESM Architecture<\/li><li>Describe the content of the ArcSight Event Schema<\/li><li>List the phases of the ArcSight Event Lifecycle<\/li><li>Describe the event processing and schema population performed during each phase of the event lifecycle<\/li><li>List the resources and tools applicable to specific phases of the event lifecycle<\/li><\/ul><p>Module 2: Command Center\n<\/p>\n<ul>\n<li>Access the ArcSight ESM Command Center<\/li><li>Monitor Usage Metrics<\/li><li>View System Metrics<\/li><li>Use the SOC\/MITRE Dashboards<\/li><li>Access and use Active Lists<\/li><li>Utilize Field Sets<\/li><\/ul><p>Module 3: ArcSight Console\n<\/p>\n<ul>\n<li>Launch the ArcSight Console<\/li><li>Identify toolbar components and their functions<\/li><li>List the different views available in the Viewer panel<\/li><li>Identify three methods to access Console Help<\/li><li>Describe the Reference Resources and their characteristics<\/li><li>Identify ESM Console preference options<\/li><li>Customize your ESM Console<\/li><\/ul><p>Module 4: Active Channels\n<\/p>\n<ul>\n<li>Create a new Active Channel<\/li><li>View the details of an event<\/li><li>Identify Dynamic and Static Active Channels<\/li><\/ul><p>Module 5: Filters\n<\/p>\n<ul>\n<li>Describe Filter types and usage<\/li><li>Add, edit and save Filters to an Active Channel<\/li><li>Define the Common Conditions Editor<\/li><\/ul><p>Module 6: 
Variable Customization\n<\/p>\n<ul>\n<li>Describe functions available in Variables<\/li><li>Create both Local and Global Variables<\/li><li>Promote Local to Global Variables<\/li><li>Share Global Variables among multiple resources<\/li><\/ul><p>Module 7: Data Monitors and Dashboards\n<\/p>\n<ul>\n<li>Identify Data Monitor types and functions<\/li><li>Create a Data Monitor<\/li><li>Access and Use Dashboards<\/li><li>Modify Dashboard Data Monitor Layouts<\/li><\/ul><p>Module 8: ESM Lists\n<\/p>\n<ul>\n<li>Describe the differences between Active and Session Lists<\/li><li>Create and validate Active and Session List integration Rules<\/li><\/ul><p>Module 9: ESM Rules\n<\/p>\n<ul>\n<li>Create and validate the following:<\/li><li>Rule behavior<\/li><li>Brute Force Login Attempt and Successful rules<\/li><li>Lightweight rules and Pre-persistence rules<\/li><\/ul><p>Module 10: Query Viewers Authoring\n<\/p>\n<ul>\n<li>Define Queries<\/li><li>Describe Query Viewers<\/li><li>Explain the advantages of using Query Viewers<\/li><li>Create the following functions with Query Viewers:<\/li><li>Drilldowns<\/li><li>Baselines<\/li><li>Reports<\/li><li>Dashboard views<\/li><\/ul><p>Module 11: ESM Reports\n<\/p>\n<ul>\n<li>List the components in the Report Workflow<\/li><li>List the different types of Reports<\/li><li>Run a Report from the Navigator panel<\/li><li>View an Archive Report from the Navigator panel<\/li><li>Set up a scheduled Report job<\/li><li>Build a custom Report<\/li><li>Build a custom Trend Report<\/li><\/ul><p>Module 12: Unified Event Search Tools\n<\/p>\n<ul>\n<li>Describe how keyword, field-based and pipeline searches are performed<\/li><li>Describe how search results are displayed<\/li><li>Use the unified Search page to initiate any type of search<\/li><li>Use Search Helper and Search Builder features to save time constructing search expressions<\/li><li>Load, modify, and save search filters and saved searches<\/li><li>Enable peer ESM and Logger instances for 
searching<\/li><\/ul>","summary":"<p>This course provides you with the knowledge required to use advanced ArcSight ESM content to find and correlate\nevent information, perform actions such as notifying stakeholders, graphically analyze event data, and report on\nsecurity incidents. You will familiarize and\/or reinforce your understanding of the advanced correlation capabilities\nwithin ArcSight ESM that provide a significant edge in detecting active attacks.<\/p>\n<p>This course covers ArcSight security problem solving methodology using advanced ESM content to find, track, and\nremediate security incidents. During the training, you will use variables and correlation activities, customize report\ntemplates for dynamic content, and customize Dashboards to monitor incidents.<\/p>\n<p>The last day of class offers a hands-on exam. Passing the exam awards you the Certified Expert badge.<\/p>","objective_plain":"Upon successful completion of this course, you should be able to:\n\n\n\n- Navigate ArcSight ESM console and command center to correlate, investigate, analyze and remediate both exposed and obscure threats\n- Construct ArcSight variables to provide advanced analysis of the event stream\n- Develop ArcSight lists and rules to allow advanced correlation activities\n- Optimize event-based data monitors to provide real-time viewing of event traffic and anomalies\n- Design new report templates and create functional reports\n- Find events through the search tools","essentials_plain":"To be successful in this course, you should have the following prerequisites or knowledge:\n\n\n\n- Common security devices such as IDS and firewalls\n- Common network device functions, such as routers, switches, and hubs\n- TCP\/IP functions such as CIDR blocks, subnets, addressing, and communications\n- Basic Windows operating system tasks and functions\n- Possible attack activities, such as scans, man in the middle, sniffing, DoS, and possible abnormal activities, such as worms, 
Trojans, and viruses\n- SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards\n- Completed the ArcSight ESM Administrator and Analyst course or 6 months experience administering ArcSight ESM","audience_plain":"This course is intended for analysts responsible for:\n\n\n\n- Defining their organization\u2019s security objectives\n- Building or using advanced content to correlate, view and respond to those security objectives.","contents_plain":"- Module 1: ESM Overview\n- Module 2: Command Center\n- Module 3: ArcSight Console\n- Module 4: Active Channels\n- Module 5: Filters\n- Module 6: Variable Customization\n- Module 7: Data Monitors and Dashboards\n- Module 8: ESM Lists\n- Module 9: ESM Rules\n- Module 10: Query Viewers Authoring\n- Module 11: ESM Reports\n- Module 12: Unified Event Search Tools","outline_plain":"Module 1: ESM Overview\n\n\n\n- Identify ESM Architecture\n- Describe the content of the ArcSight Event Schema\n- List the phases of the ArcSight Event Lifecycle\n- Describe the event processing and schema population performed during each phase of the event lifecycle\n- List the resources and tools applicable to specific phases of the event lifecycle\nModule 2: Command Center\n\n\n\n- Access the ArcSight ESM Command Center\n- Monitor Usage Metrics\n- View System Metrics\n- Use the SOC\/MITRE Dashboards\n- Access and use Active Lists\n- Utilize Field Sets\nModule 3: ArcSight Console\n\n\n\n- Launch the ArcSight Console\n- Identify toolbar components and their functions\n- List the different views available in the Viewer panel\n- Identify three methods to access Console Help\n- Describe the Reference Resources and their characteristics\n- Identify ESM Console preference options\n- Customize your ESM Console\nModule 4: Active Channels\n\n\n\n- Create a new Active Channel\n- View the details of an event\n- Identify Dynamic and Static Active Channels\nModule 5: Filters\n\n\n\n- Describe Filter types and usage\n- Add, edit 
and save Filters to an Active Channel\n- Define the Common Conditions Editor\nModule 6: Variable Customization\n\n\n\n- Describe functions available in Variables\n- Create both Local and Global Variables\n- Promote Local to Global Variables\n- Share Global Variables among multiple resources\nModule 7: Data Monitors and Dashboards\n\n\n\n- Identify Data Monitor types and functions\n- Create a Data Monitor\n- Access and Use Dashboards\n- Modify Dashboard Data Monitor Layouts\nModule 8: ESM Lists\n\n\n\n- Describe the differences between Active and Session Lists\n- Create and validate Active and Session List integration Rules\nModule 9: ESM Rules\n\n\n\n- Create and validate the following:\n- Rule behavior\n- Brute Force Login Attempt and Successful rules\n- Lightweight rules and Pre-persistence rules\nModule 10: Query Viewers Authoring\n\n\n\n- Define Queries\n- Describe Query Viewers\n- Explain the advantages of using Query Viewers\n- Create the following functions with Query Viewers:\n- Drilldowns\n- Baselines\n- Reports\n- Dashboard views\nModule 11: ESM Reports\n\n\n\n- List the components in the Report Workflow\n- List the different types of Reports\n- Run a Report from the Navigator panel\n- View an Archive Report from the Navigator panel\n- Set up a scheduled Report job\n- Build a custom Report\n- Build a custom Trend Report\nModule 12: Unified Event Search Tools\n\n\n\n- Describe how keyword, field-based and pipeline searches are performed\n- Describe how search results are displayed\n- Use the unified Search page to initiate any type of search\n- Use Search Helper and Search Builder features to save time constructing search expressions\n- Load, modify, and save search filters and saved searches\n- Enable peer ESM and Logger instances for searching","summary_plain":"This course provides you with the knowledge required to use advanced ArcSight ESM content to find and correlate\nevent information, perform actions such as notifying stakeholders, graphically 
analyze event data, and report on\nsecurity incidents. You will familiarize and\/or reinforce your understanding of the advanced correlation capabilities\nwithin ArcSight ESM that provide a significant edge in detecting active attacks.\n\nThis course covers ArcSight security problem solving methodology using advanced ESM content to find, track, and\nremediate security incidents. During the training, you will use variables and correlation activities, customize report\ntemplates for dynamic content, and customize Dashboards to monitor incidents.\n\nThe last day of class offers a hands-on exam. Passing the exam awards you the Certified Expert badge.","skill_level":"Beginner","version":"7.6","duration":{"unit":"d","value":5,"formatted":"5 days"},"pricelist":{"List Price":{"FR":{"country":"FR","currency":"EUR","taxrate":19.6,"price":3750},"DE":{"country":"DE","currency":"EUR","taxrate":19,"price":4000}}},"lastchanged":"2025-07-29T12:18:23+02:00","parenturl":"https:\/\/portal.flane.de\/ibb\/en\/json-courses","nexturl_course_schedule":"https:\/\/portal.flane.de\/ibb\/en\/json-course-schedule\/33434","source_lang":"en","source":"https:\/\/portal.flane.de\/ibb\/en\/json-course\/opentext-esm320-76"}}