Training Overview
This instructor-led training teaches you how to install & configure ArcSight Platform 22.1 on-premise with the ArcSight Platform Installation program.
Prerequisites
This training assumes a familiarity working with command line tools, have experience deploying applications in Windows and
Linux environments, & having computer desktop, browser, & file system navigation skills
Audience Profile
This training is designed for Security Professionals & SOC Administrators who are responsible for deploying & administrating the ArcSight Platform within their environment.
Learning Objectives
On completion of this training, professionals should be able to:
-
Content Outline
Describing the ArcSight Platform & its Architecture
Describing the underlying CDF infrastructure
Identifying the ArcSight Platform Capabilities
Explaining other related components to the Platform
Considerations & Best Practices
Describe the following:
- System Requirements
- Host Requirements
- DNS requirements
- NFS Requirements
- ArcSight Database
Configuring the ArcSight Platform YAML Files
Installing ArcSight Platform
• Pre-Install
• Install
Checking the status of the ArcSight Platform Installation
Accessing & exploring the ITOM Management Portal
Running the post-install command to finalize the deployment
Uploading License Files under the ITOM Management Portal
Logging into Fusion for the First Time
Validating a successful integration between Transformation Hub & the new
containerized ArcMC available in Fusion
Retrieving the master root certificate
Recognizing & describing how events are produced
Describing event formats: classic (CEF) & AVRO
Installing a CEF Producer & AVRO Producer of events
A detailed walkthrough of the configuration steps & all parameters
Sending Test Alerts Replay Events to Transformation Hub
Validating Topics & Transformation Hub Ingestion
Defining the difference between a Collector & Connector
Listing the advantages of using Collectors
Describing what’s needed to perform a Collector Deployment using ArcMC
Deploying CTH from ArcMC & route events from th-syslog to other topics
Managing Topic & Routes
Local vs. Global Event Enrichment
Types of Stream Processor Instances in Transformation Hub
Configuring Topics & Routes – Step-by-Step Example for Global Event Enrichment
Configuring the ESM & SOAR Integration
Verifying a Successful Integration
Configuring the ESM Admin User for Single Sign-on
Enabling Single Sign-on
Managing ArcSight Users Overview
Managing ESM Users
Managing Fusion Users
Managing SOAR Users
Defining Recon User Permissions & Roles
Defining Intelligence User Permissions & Roles
Describing the benefits of adding more ArcSight capabilities
Adding more ArcSight capabilities
FAQs
A: To attend the training session, you should have operational Desktops or Laptops with the required specification, along with a good internet connection to access the labs.
A: We would always recommend you attend the live session to practice & clarify the doubts instantly & get more value from your investment. However, if, due to some contingency, you have to skip the class, Radiant Techlearning will help you with the recorded session of that particular day. However, those recorded sessions are not meant only for personal consumption & NOT for distribution or any commercial use.
A: Radiant Techlearning has a data center containing a Virtual Training environment for the purpose of professional hand-on-practice.
Professionals can easily access these labs over Cloud with the help of a remote desktop connection.
Radiant virtual labs provide you the flexibility to learn from anywhere in the world & in any time zone.
A: The professionals will be enthralled as we engage them the real-world & industry Oriented projects during the training program. These projects will improve your skills & knowledge & you will gain a better experience. These real-time projects will help you a lot in your future tasks & assignments.