Detailed Course Outline
Chapter 1: Introduction to Product Features and Architecture
- Describe problems ArcSight Management Center solves
- Recognize the ArcSight Platform architecture
- Describe where ArcMC fits in the ArcSight Platform
- Understand the deployment options for ArcMC functionality: containerized or standalone (also known as non-containerized)
Chapter 2: Installing Software ArcMC (Non-Containerized)
- Recognize the requirements for installing Software ArcMC
- Describe the installation steps for Software ArcMC
- Recognize uploading ArcMC licenses and start/stop of ArcMC processes
- Describe how the ArcMC product’s UI is organized
- Log into the ArcMC UI to verify a healthy operational status
Chapter 3: System Administration for ArcMC (Non-Containerized)
- Describe the System Admin Sub-Menu options in the UI
- Differentiate ArcMC Appliance and Software ArcMC System Admin capabilities
- Locate and configure software ArcMC device settings
- Define a Password Policy and Login Banner for ArcMC users
- Review and configure Sys Admin settings, including defining a password policy and login banner
Chapter 4: Node Management with Fusion ArcMC (Containerized) – ArcMC and Logger Nodes
- Recognize how ArcMC uses Node Management to manage ArcMC (non-containerized) instance and Logger node types
- Describe the Node Management Tasks available in the ArcMC Console
- Understand how to add nodes from a host
- Learn how to import hosts from a CSV file
- Identify, add, and organize ArcSight hosts and nodes using locations
- Describe ArcMC Agent functionality and installation and upgrade steps
- Understand how the initial configuration feature serves as a rapid and uniform setup for multiple ArcSight Loggers
- Create location management entities
- Import software ArcMC and Logger nodes using manual and bulk operations
- Address credential issues and upgrade the ArcMC Agent version
Chapter 5: Node Management – Importing Hosts with Connectors using Core and Software ArcMC Consoles
- Recognize how ArcMC uses Node Management to manage the Hosts with Connectors node type
- Gain experience installing and configuring Connectors
- Learn how to import a host with connectors
- Identify the steps to re-scan a host to bring new Connectors as managed nodes
- Explore how a single host can comprise multiple nodes (connectors) for management purposes
- Describe the Node Management tools to manage connectors, containers, and destinations through the ArcMC interface
- Recognize the Health indicators in the ArcMC Monitoring Summary dashboard
- Install a connector via SmartConnector wizard
- Describe the steps to import Windows and Linux hosts with connectors as ArcMC managed nodes
Chapter 6: Node Management – Managing Connector Parameters using ArcMC Console
- Recognize how ArcMC uses Node Management to centrally manage Connectors’ Configuration settings
- Describe the main connector managed components: container, connector configuration and destination configuration
- Manage Connector parameters using Core ArcMC Console
- Pull and review audit logs generated by connectors via Core ArcMC console
- Describe how Node Management deals with day-to-day operations and fine tuning of Hosts with Connector nodes
Chapter 7: Configuration Management
- Describe how ArcMC Configuration Management works
- Identify the differences between Initial configurations and subscriber configurations
- Create various subscriber configurations
- Discuss Best Practices for use of configuration management
- Create configuration templates for managing settings in managed software ArcMC, Logger and Connectors
- Create policies to manage several types of receivers in Logger nodes
- Consolidate Filter resources in Logger nodes
- Create mapping file configuration for managed connectors
- Create configuration baselines for managed nodes
- Manage ArcSight Network Model resources such as Networks and Zones settings for managed connectors
Chapter 8: Managing Users on Managed Products
- Describe how user management and role-based access control are applied to managing users in an ArcSight Deployment
- Describe the different components that make up User Management
- Run and investigate non-compliant user configurations
- Implement role-based access control (RBAC) for standalone ArcMCs and Logger devices
- Describe the steps to generate compliance reports to list and validate users/groups/roles implemented in managed nodes
Chapter 9: Documenting Capabilities in ArcSight Platform Instance
- Identify the ArcSight Platform capabilities using ITOM and Core Interfaces
- Describe the configuration of ArcSight Platform to enable ArcMC functionality known as Core ArcMC
- Articulate how the Core UI is organized
- Describe how to validate the state of ArcSight Platform components (pods) using CLI and ITOM Interface
- Document the capabilities deployed in your ArcSight Platform instance
- Identify the versions of Core (Fusion) and Transformation Hub capabilities
- Recognize the dependencies between Fusion, Transformation Hub and ArcMC
Chapter 10: Managing Transformation Hub - Importing Host in Core ArcMC
- Describe the steps to integrate Transformation Hub (TH) and ArcMC
- Describe and configure Producers and Consumers in TH
- Identify the state of TH in the Summary Dashboard
- Import Transformation Hub as a managed node using the Core ArcMC interface
- Manage Connectors with Transformation Hub Destinations
- Identify the steps to configure ESM and Logger as Transformation Hub Consumers
Chapter 11: Managing Transformation Hub – Routing Events Between Topics
- Recognize the configuration properties for topic and routing rules resources
- Describe the steps to create Kafka topics in Transformation Hub via Core ArcMC interface
- Configure Route and Filter of Events Between Topics from Core ArcMC interface
- Describe the steps to set a Logger consumer to pull events from a newly created topic
- Recognize the ArcMC Monitoring Dashboards to validate event routing configuration and operation
Chapter 12: Managing Breach Rules and Monitoring Dashboards in ArcMC
- Describe the steps to create breach rules for managed nodes and devices
- Identify the built-in monitoring rules and dashboards
- Recognize ArcMC Monitoring Dashboards to determine node and device health
- Describe the steps to inspect audit logs in ArcMC generated by breach rules
Chapter 13: Generator ID Management in ArcMC
- Recognize Global Event ID Design and Features
- Describe the steps to configure ArcMC as a Generator ID Manager
- Recognize how ArcMC assigns Generator IDs to managed nodes
- Describe the steps to assign Generator IDs to software ArcMC (non-containerized) and Logger processes via ArcMC Generator ID Manager
- Identify the assigned Generator IDs using the Generator ID Manager panel
Chapter 14: ArcMC Product Administration – Application Tools
- Describe the ArcMC tools under the Administration > Application menu: Backup, Restore, Snapshot, Logger Data Consumption Report
- Describe the steps to perform rapid installation of connectors using ArcMC’s Instant Deployment feature
- Recognize how Audit Events are forwarded by a standalone ArcMC Software instance
- Describe the steps to install and configure a Syslog Connector via Configuration Management Templates
- Identify ArcMC Audit Events in standalone ArcMC Software and Logger Interfaces
Chapter 15: ArcMC Product Administration – Repositories and Node Upgrades
- Recognize how ArcMC repositories are used to upload upgrade or content update files
- Identify the steps to upgrade Logger and standalone ArcMC Software managed nodes
- Perform upgrade of Connectors Framework and parser using ArcSight Update Files
- Describe the steps to perform the remote upgrade of Loggers, Software ArcMC and Connectors via Core (Fusion) ArcMC interface
- Describe the steps to install, configure and upgrade Syslog Connectors using ArcMC interface