ArcSight Logger & ESM Hands-On
Rating: 4.2 out of 5 (99 ratings)
632 students

What you'll learn

  • ArcSight Logger and ESM Hands-On
  • SIEM platform that unifies data collection and log management
  • A Log Management Solution
  • Ingesting Windows Security Events
  • Building dashboards
  • ESM Anatomy
  • SmartConnectors
  • ArcSight Manager & CORR-Engine Storage
  • User Interfaces & Use Cases
  • Interactive Discovery & Pattern Discovery
  • ESM on an Appliance & Logger & ArcSight Solutions
  • Life Cycle of an Event Through ESM
  • Data Collection and Event Processing - Collect & Normalize Event Data
  • Data Collection and Event Processing - Apply Event Categories
  • Data Collection and Event Processing - Look up Customer and Zone in Network Model
  • Data Collection and Event Processing - Filter and Aggregate Events & Managing SmartConnector Configurations
  • Priority Evaluation and Network Model Lookup
  • Workflow
  • Correlation Evaluation - Correlation Overview & Filters & Rules
  • Correlation Evaluation - How Rules are Evaluated & How Rules Use Active & Session Lists
  • Correlation Evaluation - Data Monitors
  • Correlation Evaluation - How Correlation Uses Local and Global Variables & Velocity Templates
  • Correlation Evaluation - Event Types
  • ESM Administration
  • ArcSight Theory
  • Import packages from ArcSight marketplace
  • Sysmon
  • Brute Force

Course content

12 sections • 48 lectures • 13h 49m total length
  • Microfocus ArcSight Logger Installation - part18:10

    In this lecture, you will learn through a simple presentation how to prepare for your Software Logger installation, how to prepare and partition the Operating System and the prerequisites required for a successful Software Logger installation. Use the presentation in the "Resources" section as a reference for you while practicing the installation in your own lab.

Requirements

  • Basic Unix/Linux skills

Description

OpenText ArcSight Data Platform is a SIEM platform that unifies data collection and log management of machine data for security intelligence. Micro Focus ArcSight Logger is a component of Micro Focus ArcSight Data Platform. In this course you will learn how to perform a successful ArcSight Software Logger installation from scratch, ingest replay events, and create nice dashboards.


((Announcement))

Significant expansion to the Course Curriculum on 23rd of August 2023


Renamed the course from "Micro Focus ArcSight Logger Hands-On" to "ArcSight Logger & ESM Hands-On" and added the 5 extra sections below:


1) ESM Installation

2) ESM Console Demystified

3) ESM Hands-On

4) ESM Administration

5) ArcSight Theory


The above 5 sections will cover the following lessons:


Import Brute Force package from ArcSight marketplace

Import Sysmon package from ArcSight marketplace

What is SIEM

ArcSight SIEM

ESM Enables Situational Awareness

ESM Anatomy

SmartConnectors

ArcSight Manager & CORR-Engine Storage

User Interfaces & Use Cases

Interactive Discovery & Pattern Discovery

ESM on an Appliance & Logger & ArcSight Solutions

Life Cycle of an Event Through ESM

Data Collection and Event Processing - Collect & Normalize Event Data

Data Collection and Event Processing - Apply Event Categories

Data Collection and Event Processing - Look up Customer and Zone in Network Model

Data Collection and Event Processing - Filter and Aggregate Events & Managing SmartConnector Configurations

Priority Evaluation and Network Model Lookup

Workflow

Correlation Evaluation - Correlation Overview & Filters & Rules

Correlation Evaluation - How Rules are Evaluated & How Rules Use Active & Session Lists

Correlation Evaluation - Data Monitors

Correlation Evaluation - How Correlation Uses Local and Global Variables & Velocity Templates

Correlation Evaluation - Event Types

Fixing Time of Log Source

Forgotten ESM Account Password and Disabled Account

Who this course is for:

  • Security Administrator, Analyst, Consultant, SOC, Architect