Detailed Course Outline
Module 1: Architecture
- Describing the ArcSight Platform and its Architecture
- Describing the underlying CDF infrastructure
- Identifying the ArcSight Platform Capabilities
- Explaining other related components to the Platform
- Considerations and Best Practices
Module 2: System Requirements
- Describing the following:
- System Requirements
- Host Requirements
- DNS requirements
- NFS Requirements
- ArcSight Database
Module 3: YAML Files
- Configuring the ArcSight Platform YAML Files
Module 4: Installing ArcSight Platform
- Pre-installing ArcSight
- Installing ArcSight
Module 5: Post-Install Activities
- Checking the status of the ArcSight Platform Installation
- Accessing and exploring the ITOM Management Portal
- Running the post-install command to finalize the deployment
- Uploading License Files under the ITOM Management Portal
- Logging into Fusion for the First Time
Module 6: Transformation Hub Management from Fusion ArcMC
- Validating a successful integration between Transformation Hub and the new containerized ArcMC available in Fusion
- Retrieving the master root certificate
Module 7: Producing Events and Transformation Hub Ingestion
- Recognizing and describing how events are produced
- Describing event formats: classic (CEF) and AVRO
- Installing a CEF Producer and AVRO Producer of events
- Detailed walkthrough of the configuration steps and all parameters
- Sending Test Alerts Replay Events to Transformation Hub
- Validating Topics and Transformation Hub Ingestion
Module 8: Collectors and CTH Deployment from ArcMC
- Defining the difference between a Collector and Connector
- Listing the advantages of using Collectors
- Describing what’s needed to perform a Collector Deployment using ArcMC
- Deploying CTH from ArcMC and route events from th-syslog to other topics
Module 9: Topic and Route Management
- Managing Topic and Routes
- Local vs Global Event Enrichment
- Types of Stream Processor Instances in Transformation Hub
- Configuring Topics and Routes – Step by Step Example for Global Event Enrichment
Module 10: Integrating ESM and SOAR
- Configuring the ESM and SOAR Integration
- Verifying a Successful Integration
Module 11: Enabling Single Sign-On
- Configuring the ESM Admin User for Single Sign-on
- Enabling Single Sign-on
Module 12: Managing Users in ArcSight
- Managing ArcSight Users Overview
- Managing ESM Users
- Managing Fusion Users
- Managing SOAR Users
- Defining Recon User Permissions and Roles
- Defining Intelligence User Permissions and Roles
Module 13: Adding More ArcSight Capabilities
- Describing the benefits of adding more ArcSight capabilities
- Adding more ArcSight capabilities
- Specify mandatory filtering on pre-defined fields or user-specified fields
- Create lookup values for field attributes
- Create and use parameters and parameter groups