This course teaches you the essentials of the ArcSight Logger solution – both hardware and software – and gives you information on how to design a complete solution. This instructor-led training course covers the core features of the ArcSight Logger solution as well as its advanced features. The course also prepares you for the Logger certification exam. The exam is administered on the last day of the class and is a hands-on, performance-based exam.
Successful completion of Flex Connector Configuration course or equivalent experience
This course is intended for any system administrator or operator who will be working with Logger software or a Logger Appliance.
Upon successful completion of this course, you will be able to:
• Describe, access, and use the basic features and functions of ArcSight Logger
• Install and update Logger
• Configure Logger storage and retention policy settings
• Navigate to specific functions, facilities, and configuration settings within the Logger browser UI
• Describe and configure devices, device groups, Receivers, and Forwarders
• Locate and configure Network settings, error logs, remote support access, and security certificate trust stores
• Access and manage Logger user/groups
• Explain and implement event indexing and use the Logger search builder to access field-based, full-text, and pipeline operator event search facilities
• Create Logger Dashboards and describe the built-in Logger Dashboards and Dashboard panels
• Run reports ad hoc or as scheduled jobs and publish and archive results according to given distribution and retention criteria
• Search, view, create, edit, enable, and disable real-time and scheduled alerts; configure notifications; export alerts for further analysis
• Backup and restore Logger configuration or reports and report definitions; export and import Logger Alerts and Filters; retrieve error and audit logs
• Describe the basic features and functions of Logger
• Describe how different Logger models are used
• Explain how the Logger processes event data
• Explain what CEF is and how it is used
• Install and configure Software Logger
• Describe how to update and uninstall Software Logger
• Initialize and configure a Logger appliance
• Log into the Logger browser interface
• List browser requirements for the Logger User Interface (UI)
• Describe functions accessible from each main tab of the Logger UI
• Navigate to specific topics within the Logger UI
• Use the Dashboards tab to graphically track basic Logger system functions
• Use appropriate options on the Configuration drop-down menu to access, configure, and verify Logger functions
• Configure a Peer Logger
• Access System Maintenance functions
• Create, edit, and delete Receivers
• Manage devices and device groups
• Associate devices with device groups
• Associate storage rules with device and storage groups
• Create, edit, and delete ESM destinations and manage SSL certificates
• Create, edit, and delete Forwarders
• Locate and configure Logger Appliance Network settings
• Obtain audit log content and enable support login
• Perform system and license updates
• Mount and configure remote storage
• Generate and install signed certificates
• Enable CAC and/or FIPS 140-2 security
• Create user groups in Logger
• Assign user group privileges
• Edit and delete user groups
• Add users in Logger
• Assign users to groups
• Edit and delete users
• Specify global login, password, and authentication settings
• Explain how (at a high level) Logger searches events
• Describe basic differences of how keyword, field-based, Regex, and pipeline searches are performed
• Enable peer Loggers for searching
• Use a unified Search page to initiate any type of search
• Use the auto-complete feature to save time during data entry
• Describe how search results are displayed
• Narrow your search interactively using displayed results
• Use wild cards in search queries
• Explain how indexing improves search performance
• Modify field indexing
• Use the Search Builder Tool as the common user interface to create any queries, in any combination with pipeline operators
• Customize and save field sets for customized results displays
• Apply constraints to a search
• Validate the performance of a query using a Search Analyzer
• Run a search query and analyze the results
• Refine and rerun a search with the results display
• Rerun a search at regular intervals using Auto Update
• Describe the function of a static correlation
  ◦ Use the Live Event Viewer to display real-time raw events
• Save a query as a filter or a saved search, and retrieve it later
• Describe the different types of filters used in Logger
• Create, copy, edit, or delete a shared filter
• Create and use search group filters
• Run a saved search job
• Create a saved search alert
• Save search results to the local Logger and retrieve them
• Change search parameters using Advanced Search Options
  ◦ Search Logger from the ArcSight ESM Console
• Describe the types of panels on a Dashboard
• Describe built-in Dashboards
• Create and modify a Dashboard
• Use Navigation Explorers to locate the pre-defined and user-created report resources
• Run a report using Run, Quick Run, or Run in Background and describe the differences
• Use time range, device/storage group, and peer logger constraints when running a report
• Run a report as a scheduled report job
• Publish or email report results
• Use Report Category Filters (SysAdmin)
• Manage server properties and deploy report bundles (SysAdmin)
• Use the iPackager facility to create report bundles (SysAdmin)
• Copy and save a report customized to your needs
• Use the facilities of the Adhoc Report Designer page to modify a report design
• Use the icons in the header of a report display to edit its design
• Copy and save a report template customized to your needs
• Edit a report layout to adjust the fonts, colors, and arrangement you want
• Create and edit a report query
• Explain the differences between Logger search queries and Logger report queries
• Use the SQL Editor to construct report queries
• Customize query fields with hyperlinks, formatting, and formulas
• Group query fields for reports
• Specify mandatory filtering on pre-defined fields or user-specified fields
• Create lookup values for field attributes
• Create and use parameters and parameter groups
• Modify the default home page for Reports to display a dashboard view
• Design a new report dashboard
• Configure and add Report and External Link widgets
• Change the layout and contents of a reporting dashboard
• Set preferences and views for report dashboards
• Delete report dashboards and dashboard elements
• Explain when and why alerts and notifications are generated
• Create and edit Alerts and Notifications
• Enable and disable Alerts and Notifications
• Search for and view Alerts
• Export Alerts for further analysis
• Backup and restore a Logger configuration
• Backup and restore reports and report definitions
• Export and import Logger Alerts, Dashboards, Filters, Parsers, Saved Searches, and Source Types
• Archive events for specific days and schedule daily archiving
• Retrieve error and audit logs
A: To attend the training session, you should have operational desktops or laptops with the required specification, along with a good internet connection to access the labs.
A: We always recommend that you attend the live session so you can practice, clarify doubts instantly, and get more value from your investment. However, if some contingency forces you to skip a class, Radiant Techlearning will provide you with the recorded session of that particular day. Those recorded sessions are meant only for personal consumption and NOT for distribution or any commercial use.
A: Radiant Techlearning has a data center containing the Virtual Training environment for participants' hands-on practice.
Participants can easily access these labs over Cloud with the help of a remote desktop connection.
Radiant virtual labs provide you the flexibility to learn from anywhere in the world and in any time zone.
A: The learners will be enthralled as we engage them in real-world, industry-oriented projects during the training program. These projects will improve your skills and knowledge, and you will gain better experience. These real-time projects will help you a lot in your future tasks and assignments.