• ArcSight Objectives and Overview
  • ESM Components – Overview without Event Broker
  • ESM Components – Overview with Event Broker
  • ESM Components
  • ArcSight Event Schema
  • Normalization Process
  • Event Schema Groups
  • Seven Phases of Event Lifecycle – Overview
Phase 1 – Data Collection and Event Processing
  • Collection and Normalization of Event Data
  • Collection of Event Data
  • Normalizing Event Data
  • Applying Event Categories
  • Applying Event Categories
  • Event Category Model
  • Customer and Zone Lookup
  • Filtering and Aggregation
Phase 2 – Network Model Lookup & Priority Evaluation
  • Network Model Lookup
  • Priority Evaluation
  • Priority Formula Factors
  • Priority Rating
Phase 3 – Correlation Evaluation
  • Tools Used to Correlate
Phase 4 – Monitoring and Investigation
  • Monitoring and Investigation Tools
Phase 5 – Workflow
  • ESM Workflow
Phase 6 – Incident Analysis and Reporting
  • Reporting Tools
Phase 7 – Archiving
  • Time to Review
  • Summary
  • Objectives
  • Running the Console – 2 Methods
  • ESM Console Window
  • Toolbar Commands
  • Slide Show View
  • Navigator Panel – 3 Tabs
  • Navigator Panel – Resources Tab
  • Navigator Panel – Use Cases Tab
  • Viewer Panel Views
  • Inspect/Edit Panel
  • ESM Console Help Feature
  • ESM Console Help Window
  • Reference Resources – Overview
  • Knowledge Base
  • File Resource
  • Reference Pages
  • ESM Console Preferences – Overview
  • The Programs Pane
  • Global Options Pane
  • Grid View Options Pane
  • Latitude and Longitude Pane
  • Event Graph Pane
  • Notifications Pane
  • Popup Controls
  • Manage Hotkeys Pane
  • Time to Review
  • Summary
  • What is a Field
  • Active Channel Display Elements
  • Field Sets
  • Date and Time Stamps
  • Dynamic and Static Active Channels
  • Identifying Dynamic and Static Active Channels
  • Time to Review
  • Summary
  • Activity 3
  • What are Filters?
  • Filters in ESM Manager
  • Filters in Rules
  • Filters in Data Monitors
  • Filters in Queries and Reports
  • Applying Filters in Connectors
  • Types of Filters
  • Filter Editor
  • Common Conditions Editor
  • Filters in Active Channels
  • Filters in Active Channels
  • Filters in Active Channels – Resources
  • Filters in Active Channels – Unnamed Local Filter Condition
  • Filters in Active Channels – Inline Filters
  • Filters in Active Channels – Analyze in Channel
  • Visualizing Inline Filters
  • Debugging Filters
  • Putting it All Together
  • Integration Commands
  • Time to Review
  • Activity 4
  • Overview
  • Variables Review
  • Where are Variables Configured?
  • Benefits of Using Variables
  • Types of Variables
  • Steps to Create Local Variables
  • Steps to Create Global Variables
  • Steps to Promote Local to Global Variables
  • Function Descriptions
  • Function Group – Alias Field
  • Function Group – Arithmetic
  • Function Group – Category Model
  • Function Group – Conditional
  • Function Group – Group
  • Function Group – IP Address
  • Function Group – List
  • Function Group – String
  • Function Group – Timestamp
  • Function Group – Type Conversion
  • Function Group – Value List
  • Use Cases with Variables
  • Time to Review
  • Activity 5
  • Overview
  • Data Monitors
  • Data Monitor Types
  • Types of Event-based Data Monitors
  • Event-based Data Monitors – Asset Category Count
  • Event-based Data Monitors – Event Graph
  • Event-based Data Monitors – Geographic Event Graph
  • Event-based Data Monitors – Hierarchy Map
  • Event-based Data Monitors – Hourly Counts
  • Event-based Data Monitors – Last N Events
  • Event-based Data Monitors – Last State
  • Event-based Data Monitors – Top Value Counts (Bucketized)
  • Types of Correlation Data Monitors
  • Explaining Data Monitor Correlation
  • Correlation Data Monitors – Event Correlation
  • Correlation Data Monitors – Event Reconciliation
  • Correlation Data Monitors – Moving Average
  • Correlation Data Monitors – Session Reconciliation
  • Correlation Data Monitors – Statistics
  • Types of Non-event Based Data Monitors
  • Non-event Based Data Monitors – Database Transaction Volume
  • Non-event Based Data Monitors – System Information
  • Non-event Based Data Monitors – Rules Partial Match
  • Dashboards are Driven by Data Monitors
  • Dashboard Layouts
  • Time to Review
  • Activity 6
  • Active Lists
  • Active Lists – Types
  • Active List Attributes
  • Manipulating Active Lists
  • Cumulative Fields in Active Lists
  • Time-Partitioned Active List
  • Session Lists
  • Differences between Session Lists and Active Lists
  • Session List Configurable Components
  • Session List Fields
  • Manipulating Session Lists
  • Time to Review
  • Objectives
  • Rules Overview
  • Three Types of Rules
  • Two Types of Standard Rules
  • Real-time and Scheduled Rules
  • Scheduled Rules Use Cases
  • Batched Events Processing
  • Historical Data Analysis
  • Optimized Rule Scheduling
  • Rule Conditions
  • Rules Aggregation
  • Types of Rule Actions
  • Rule Actions, Cases and Notifications
  • Rule Triggers
  • Rule Trigger – Initial Condition Not Met
  • Trigger – On First Event
  • Trigger – On Every Event
  • Trigger – On Subsequent Events
  • Trigger – On First Threshold
  • Trigger – On Every Threshold
  • Trigger – On Subsequent Thresholds
  • Trigger – On Time Unit
  • Trigger – On Time Window Expiration
  • Lightweight Rules
  • Lightweight Rule Restrictions
  • Pre-Persistence Rules
  • Pre-Persistence Rule Restrictions
  • Time to Review
  • Summary
  • Objectives
  • Overview
  • Queries
  • Defining Data Sources – Query Resource
  • Defining Data Sources – Query Resource Structure
  • Defining Data Sources – Conditions Resource Structure
  • Defining Data Sources – Local Variable Resource Structure
  • Query Viewers Overview
  • Benefits of Query Viewers – High-level Summaries
  • Benefits of Query Viewers – Drilldowns
  • Benefits of Query Viewers – Reporting
  • Creating Query Viewers – Attributes Tab
  • Creating Query Viewers – Fields Tab
  • Creating Query Viewers – Local Variables Tab
  • Creating Query Viewers – Drilldowns Tab
  • Displaying Query Viewers
  • Adding Query Viewers to Dashboards
  • Time to Review
  • Summary
  • Objectives
  • Overview
  • Reports
  • Report Workflow Steps
  • Defining Data Sources – Query Resource
  • Defining Data Sources – Trend Resource
  • Defining Data Sources – Snapshot Trend
  • Defining Data Sources – Interval Trend
  • How a Trend Resource Works
  • Best Practices Using Trends
  • Creating a Report – Tabs Description
  • Creating a Report – Template Resource Tab
  • Creating a Report – Data Tab
  • Creating a Report – Parameters Tab
  • Creating a Report – Jobs Tab
  • Creating a Report – Notes Tab
  • Special Types of Reports
  • Special Reports – Delta Report
  • Special Reports – Focused Report
  • Report Archiving
  • Reports in Active Channels
  • Time to Review
  • Activity 10
  • Event Search
  • Search Query Elements
  • Search Controls
  • How Search Queries Work
  • Field Summary
  • Field Summary Drill-down
  • Field Summary Drill-down and Charting
  • Exporting Search Results
  • Search Query Expressions
  • Search Performance Factors
  • Unified (Mixed) Search Efficiency
  • Loading a Saved Search or Filter Query
  • Saving a Search Filter
  • Saving a Search Filter as a Saved Search
  • Keyword Search Syntax
  • Field-based Query
  • Using Wildcards and Special Characters
  • Field Sets
  • Creating Custom Field Sets
  • Advanced Search – Search Builder Tool
  • Search Builder Alternate Displays
  • Search Constraints
  • Time to Review
  • Activity 11

PRACTICE TEST AND INTERVIEW QUESTIONS

At CyberVZN trainings, we provide practice tests at the end of the course, Splunk interview questions and answers, community questions and answers, and sample resumes to help you crack the interview.