Download - Catálogo de Treinamentos -02-04-13.pdf
-
8/9/2019 Catálogo de Treinamentos -02-04-13.pdf
1/27
HP Restricted
ENTERPRISE SECURITY UNIVERSITY
Course Catalog 2013
Rev. 020513
Building a Successful
HP ArcSight Team
HP Enterprise Security University prepares you for fast implementation and efficient operation. Learn from a full assortment of role-based, product-oriented courses with delivery options designed to support the most demanding security needs.
Make training as unique as your organization
HP Enterprise Security University offers a variety of training options, including course customization and on-site delivery.
Call us at: (888) 415-ARST for more details, or Email: [email protected]
-
HP Enterprise Security University
2013 Course Catalog 2
Table of Contents
HP ARCSIGHT ESM COURSES
  HP ARCSIGHT ESM ESSENTIALS
  INTRODUCTION TO HP ARCSIGHT ESM EVENT MANAGEMENT
  HP ARCSIGHT ESM OPERATIONS
  HP ARCSIGHT ESM SECURITY ANALYST [AESA]
  HP ARCSIGHT SKILLS ON-DEMAND: Incident Handling on Active Attacks
  HP ARCSIGHT SKILLS ON-DEMAND: Advanced Correlation
  HP ARCSIGHT ESM USE CASE FOUNDATIONS
  BUILDING HP ARCSIGHT ESM ADVANCED CONTENT FOR USE CASES
  HP ARCSIGHT ESM ADMINISTRATOR 5 (AEIA) – (with Oracle DB)
  HP ARCSIGHT ESM ADMINISTRATOR 6 (AEIA) – CORR Engine (No Oracle DB)
  HP ARCSIGHT SKILLS ON-DEMAND: Security & Authentication
  HP ARCSIGHT SKILLS ON-DEMAND: Advanced Network and Asset Modeling
  HP ENTERPRISE SECURITY SOLUTIONS ARCHITECTURE
  HP ARCSIGHT ESM HP ARCSIGHT ADVANCED ADMINISTRATION
HP ARCSIGHT CONNECTORS & CONNECTOR APPLIANCE COURSES
  HP ARCSIGHT SMARTCONNECTOR FOUNDATIONS AND TOOL KITS
  HP ARCSIGHT FLEXCONNECTOR CONFIGURATION
  HP ARCSIGHT CONNECTOR APPLIANCE ADMINISTRATION & OPERATIONS
HP ARCSIGHT LOGGER COURSES
  HP ARCSIGHT LOGGER SEARCH AND REPORTING
  HP ARCSIGHT LOGGER ADMINISTRATION AND OPERATIONS
HP ARCSIGHT EXPRESS COURSES
  HP ARCSIGHT EXPRESS ADMINISTRATION & OPERATIONS [Oracle]
  HP ARCSIGHT EXPRESS ADMINISTRATION & OPERATIONS [CORR-Engine]
Did You Know?
In addition to traditional classroom training, you can take many of our courses on-line, as self-paced eLearning or instructor-led, Web-based, virtual classroom.
These symbols identify each delivery option. For complete course descriptions, latest schedule and registration instructions visit: http://www.hpenterprisesecurity.com/university
Mode of Delivery Icon: Classroom, eLearning, Virtual Classroom, Skills on-Demand
-
HP ArcSight ESM Courses
Executive User
SOC Operator
Analyst
Senior Analyst
Administrator
HP ArcSight Essentials
Introduction to HP ArcSight ESM Event Management
HP ArcSight ESM Operations
HP ArcSight ESM Security Analyst
HP ArcSight Skills On‐Demand: Analyst, Incident Handling
HP ArcSight Skills On‐Demand: Analyst, Advanced Correlation
HP ArcSight ESM Use Case Foundations
Building HP ArcSight ESM Advanced Content for Use Cases
Introduction to HP ArcSight ESM Event Management
HP ArcSight ESM Operations
HP ArcSight ESM Administrator
HP ArcSight Skills On-Demand: Administrator, Security & Authentication
HP ArcSight Skills On-Demand: Administrator, Advanced Network & Asset Modeling
HP ArcSight ESM Advanced Administration
HP ArcSight Certification Exams
HP ArcSight Security Administrator
HP ArcSight Security Analyst
For more information, please visit http://www.hpenterprisesecurity.com/university and click on the HP Certification tab.
-
HP ArcSight ESM Essentials
Description:
HP ArcSight Essentials provides you with an introduction to the common security problems addressed by ArcSight's Security Information Event Management (SIEM) solution. Each module provides a high-level overview of each HP ArcSight product and describes how it solves the security risks experienced by digitally connected organizations.
Objectives:
At the end of this course, you will be able to:
- List the major security risks associated with a digital environment
- List and describe the functions of all HP ArcSight products
- Match the HP ArcSight solution to the security problem that is solved
- Using icons provided in a topic review, construct a simple SIEM solution using HP ArcSight products
Audience:
This introductory course is designed for newcomers and anyone interested in learning about ArcSight’s SIEM solution.
Prerequisites:
To be successful in this course, you will have:
- Experience with common Information Security terms and concepts
- Experience with basic network computing concepts
- Familiarity with Windows and Unix operating systems
Delivery Method:
- Approximately 2 hours, self-paced, online, eLearning
-
Introduction to ArcSight ESM Event Management
Description:
The Introduction to HP ArcSight Event Management course provides the fundamental concepts of an HP ArcSight ESM implementation. Understanding these basic concepts is critical for anyone who needs to administer an HP ArcSight ESM implementation or perform analysis on security data within HP ArcSight ESM. This course is also a prerequisite to additional HP ArcSight ESM training.
Objectives:
At the end of this course, you will be able to:
- Identify roles of users who interact with HP ArcSight ESM
- Describe the components of an HP ArcSight ESM implementation
- Describe the structure of the HP ArcSight event schema
- Identify the phases of the HP ArcSight event life cycle
Audience:
This introductory course is intended for all HP ArcSight ESM users, who need to:
- Monitor security threats
- Assess risk exposure
- Enforce regulatory compliance requirements
- Manage Security Operations
- Administer an HP ArcSight ESM implementation
Prerequisites:
To be successful in this course, you will have:
- Experience with common Information Security terms and concepts
- Experience with basic network computing concepts
- Familiarity with Windows and Unix operating systems
Delivery Method:
- Approximately 3 hours, self-paced, online, eLearning
NOTE: This course is a subset of the HP ArcSight ESM Security Analyst eLearning course. If you have purchased, or plan to purchase, the HP ArcSight ESM Security Analyst eLearning course, DO NOT purchase this course.
-
HP ArcSight ESM Operations
Description:
The ESM Operations class provides you with comprehensive training on ESM operations. This course offers exercises for common functionality and procedures needed to quickly retrain or cross train a broader group of ESM operators. The modular format of this course enables you to select the topics and lessons applicable to your job tasks and allows you to return to lessons to refresh what you have previously learned.
Objectives:
At the end of this course, you will be able to:
- Using pre-configured ESM, identify and investigate events that appear as potential security risks
- Document the results of your investigation to enable others to pursue further analysis
- Using a predefined workflow, notify analysts and/or escalate investigations
- Print basic system health & incident investigation reports
- Use either the HP ArcSight Console or the HP ArcSight Web user interface
Audience:
This base-level training is intended for operators who use HP ArcSight ESM to monitor daily security events and investigate events of interest to a level where they are either dismissed or escalated to an Analyst or Administrator. Operator duties are assumed to be limited in scope, but may include using standardized, preconfigured resources, such as field sets, filters, queries, and reports.
Prerequisites:
To be successful in this course, you will have:
- TCP/IP networking, database concepts and enterprise security experience, which are highly advantageous
- Completed Introduction to HP ArcSight ESM Event Management
Delivery Method:
- Two days, instructor-led, virtual classroom
- Approximately 10 hours, self-paced, online, eLearning
-
HP ArcSight ESM Security Analyst [AESA]
Description:
The HP ArcSight ESM Security Analyst course provides you with the knowledge required to use the HP ArcSight Console to monitor security events. You learn how to use HP ArcSight ESM workflow to escalate security incidents for further analysis and remediation. You also learn to use standard HP ArcSight ESM content to find and correlate event information, perform actions such as notifying stakeholders, analyze event data graphically, and report on security incidents within your security environment.
Objectives:
At the end of this course, you will be able to:
- Identify HP ArcSight ESM product components
- List the components of the HP ArcSight ESM Event Schema and how it is used to normalize base data
- Navigate HP ArcSight ESM Console and Web Components to correlate, investigate, analyze, and remediate both exposed and obscure threats
- Implement custom and stock Filters, Rules, Session Lists, etc. with the Integrated Case Management and Workflow, to identify, categorize, and escalate events of interest
- Either manually or using the Network Modeling Wizard, implement Network and Asset Models
Audience:
This basic course is intended for operators/analysts, who need to:
- Use the ESM Console to monitor, display and report on security incidents
- Use standard content to correlate, view and respond to security incidents
- Design, deploy and maintain the HP ArcSight network model to accurately build content, view and report on security incidents
Prerequisites:
To be successful in this course, you will have:
- Common security devices, such as IDS and firewalls
- Common network device functions and TCP/IP addressing
- Basic Windows operating system tasks & functions
- Possible attack activities, such as scans, man in the middle, sniffing, DoS, etc. and possible abnormal activities, such as worms, Trojans, viruses, etc.
- SIEM terminology, such as threat, vulnerability, risk, asset, exposure, safeguards, etc.
- Security directives, such as Confidentiality, Integrity, Availability.
Delivery Method:
- Five days, instructor-led training at HP ArcSight or Customer on-site
- Approximately 14 hours, self-paced, online, eLearning AND approximately 16 hours, instructor-led, virtual classroom
-
HP ArcSight Skills On-Demand: Analyst Incident Handling on Active Attacks Module
Description:
This module is intended to familiarize you with and/or reinforce your understanding of the most common activities performed in a Security Operations Center (SOC) environment. The activities are derived from the ArcSight Best Practices for building a Security Operations Center.
Skills on-Demand Provides:
- Cloud based Labs
  - Real-world experience of a configured HP ArcSight implementation
  - Perform the activities at your own pace and from any convenient location via standard browser and high-speed internet connection
  - Safe for experimenting, refresh to original state with “a push of a button”
- Prescribed Activities for Analysts and Administrators
  - Guides to ensure most important areas of expertise are covered
  - Based upon Use Cases for Analysts to provide exposure to most demanding areas of daily work
- eMentors
  - Access to eMentors, experienced professionals and instructors, via email, with a committed turnaround time of 24 hours maximum
  - eMentors are dedicated to providing support related to the Prescribed Activities of Skills On-Demand
Activities Included in this Module:
- Delivery of situational awareness
- Reduction of risk and downtime
- Threat control and prevention
- Path of Escalation
- Audit and compliance support
- Incident response and recovery
- Speed of aggregation and correlation
- Device and system coverage
- Ability to respond quickly through Real Time data and automation
- 24/7 uptime
Prerequisites:
To be successful in the activities in this Skills On-Demand, you will have successfully completed:
- HP ArcSight ESM Security Analyst (AESA) course [highly recommended] or
- 6 months experience with HP ArcSight ESM as a Security Analyst
Delivery Method:
- Eighteen hours web-based access to a virtual environment over a fourteen day period
-
HP ArcSight Skills On-Demand: Analyst Advanced Correlation Module
Description:
This module is intended to familiarize you with and/or reinforce your understanding of the advanced correlation capabilities within ArcSight ESM that provide a significant edge in detecting active attacks.
Skills on-Demand Provides:
- Cloud based Labs
  - Real-world experience of a configured HP ArcSight implementation
  - Perform the activities at your own pace and from any convenient location via standard browser and high-speed internet connection
  - Safe for experimenting, refresh to original state with “a push of a button”
- Prescribed Activities for Analysts and Administrators
  - Guides to ensure most important areas of expertise are covered
  - Based upon Use Cases for Analysts to provide exposure to most demanding areas of daily work
- eMentors
  - Access to eMentors, experienced professionals and instructors, via email, with a committed turnaround time of 24 hours maximum
  - eMentors are dedicated to providing support related to the Prescribed Activities of Skills On-Demand
Activities Included in this Module:
- Threat Intelligence
- Web Proxy clear text password detection use case
- Damage Assessment Use Case
Prerequisites:
To be successful in the activities in this Skills On-Demand, you will have successfully completed:
- ArcSight ESM Security Analyst (AESA) course [highly recommended] and
- At least one additional course such as the Incident Handling on Active Attacks Skills On-Demand module
Delivery Method:
- Eighteen hours web-based access to a virtual environment over a fourteen day period
-
HP ArcSight ESM Use Case Foundations
Description:
The HP ArcSight Use Cases Foundations provides you with detailed knowledge of the HP ArcSight security problem solving methodology, within the ESM context. In this course, you learn the methodologies to develop use cases for current business scenarios, derived from the top business drivers in the market. During the training, you learn to:
- Using HP ArcSight ESM, identify business drivers to develop Use Cases
- Identify Use Case problems and requirement statements associated with actual scenarios
- Using the Use Case worksheet, document a use case
- Develop HP ArcSight ESM content to accommodate Use Case discrete objectives
This course includes extensive hands-on exercises.
Objectives:
At the end of this course, you will be able to:
- In an HP ArcSight ESM context, define Use Case
- Using the Use Case worksheet from an initial problem statement, generate requirement statements and prioritize objectives
- Identify data sources and ESM resources required to fulfill the objectives of the use case
- Fulfill use case requirements by creating identified ESM content:
  - Construct HP ArcSight Active Channels to provide advanced analysis of the event stream
  - Develop HP ArcSight Rules to allow correlation activities
  - Build event-based data monitors to provide real time viewing of event traffic
  - Package formulated ESM contents for the Use Case into HP ArcSight Resource Bundle
Audience:
This advanced course is intended for those whose primary responsibilities include:
- Defining organization’s security objectives
- Building HP ArcSight ESM content to adhere to those objectives
Prerequisites:
To be successful in this course, you will have:
- Completed HP ArcSight ESM Security Analyst (AESA)
- Knowledge of:
  - Common network devices and their functions
  - TCP/IP functions
  - Windows operating system tasks
  - SIEM terminology and Security directives
Delivery Method:
- Three days, instructor-led training at HP ArcSight or Customer on-site
Customization:
On-site, customized training is available for this course.
For more information, please [email protected]
-
Building ESM Advanced Content for Use Cases
Description:
This course covers HP ArcSight security problem solving methodology using advanced HP ArcSight ESM content to find, track and remediate security incidents, specifically identified in the course’s use cases. During the training, you will learn to:
- Use variables and correlation activities
- Customize report templates to use dynamic content
- Customize notification templates to send the appropriate notification based upon specific attributes of an event
Note: This course includes extensive hands-on exercises.
Objectives:
At the end of this course, you will be able to:
- In an HP ArcSight ESM context, define Use Case
- Using the Use Case worksheet from an initial problem statement, generate requirement statements and prioritize objectives
- Identify data sources and ESM resources required to fulfill the objectives of the use case
- To fulfill use case requirements, create identified ESM content:
  - Construct HP ArcSight Variables to provide advanced analysis of the event stream
  - Develop HP ArcSight Rules to allow advanced correlation activities
  - Build event-based data monitors to provide real time viewing of event traffic and anomalies
  - Implement custom velocity macros for notification
  - Create new report templates and functional reports using the statistics and dynamic values
  - Package formulated ESM contents for the Use Case
Audience:
This advanced course is intended for those whose primary responsibilities include:
- Defining organization’s security objectives
- Building HP ArcSight ESM content to adhere to those objectives
Prerequisites:
To be successful in this course, you will have:
- Completed HP ArcSight ESM Security Analyst (AESA)
- Knowledge of:
  - Common network devices and their functions
  - TCP/IP functions and Windows operating system tasks
  - SIEM terminology and security directives
Delivery Method:
- Five days, instructor-led training at HP ArcSight or Customer on-site
-
HP ArcSight ESM Administrator 5 (AEIA) – (with Oracle DB)
Description:
The HP ArcSight ESM Administrator course provides you with in-depth information about an HP ArcSight ESM installation. It includes instructions for performing administrative related tasks within HP ArcSight ESM. This course is designed for any System Administrator that performs routine administration tasks within HP ArcSight ESM, such as performing data backups and patch updates. You will be exposed to administrative and troubleshooting tools within HP ArcSight ESM and learn how to use them effectively.
Objectives:
At the end of this course, you will be able to:
- Manage and install HP ArcSight ESM components
- Manage database space and retention policies
- Administer HP ArcSight ESM
- Back Up HP ArcSight ESM
- Upgrade HP ArcSight ESM
- Troubleshoot HP ArcSight ESM
Audience:
This course is intended for any system administrator that will be responsible for administering some aspect of an HP ArcSight ESM implementation.
Prerequisites:
To be successful in this course, you will have:
- Completed Introduction to HP ArcSight ESM Event Management
Delivery Method:
- Four days, instructor-led training at HP ArcSight or Customer on-site
- Approximately 14 hours, self-paced, online, eLearning
-
HP ArcSight ESM Administrator 6 (AEIA) – CORR Engine (No Oracle DB)
Description:
The HP ArcSight ESM Administrator 6 course provides you with in-depth information about an ArcSight ESM installation with detailed instructions for performing administrative related tasks within ArcSight ESM. This course is designed for any System Administrator that performs routine administration tasks within ArcSight ESM, such as ESM user management, SSL certificate administration and data backups. You will be exposed to administrative tools within ArcSight ESM and learn how to use them effectively.
Objectives:
At the end of this course, you will be able to:
- Identify key benefits and capabilities of ArcSight ESM
- Identify typical ArcSight deployment architectures
- Install the ArcSight ESM Suite
- Install an ArcSight Console
- Set up Retention Policies
- Integrate ArcSight ESM with external authentication sources (LDAP/Active Directory)
- Manage Users and Notifications
- Manage SSL certificates
- Monitor ESM components using built-in Dashboards
- Build out the ArcSight ESM Network Model
- Install and Manage ArcSight SmartConnectors
- Secure ArcSight Components
- Manage ArcSight Packages
- Back Up ESM Content and Events
- Manage ArcSight Event Data Contents
- Work with ArcSight Support
Audience:
This course is intended for any system administrator that will be responsible for administering some aspect of an HP ArcSight ESM implementation.
Prerequisites:
To be successful in this course, you should have:
- Successfully completed ArcSight Introduction to Event Management
- Knowledge of common network device functions, such as routers, switches, hubs, etc.
Delivery Method:
- Four days, instructor-led training at HP ArcSight or Customer on-site
- Four days, instructor-led, virtual classroom
-
HP ArcSight Skills On-Demand: Administrator Security and Authentication Module
Description:
The following module is intended to familiarize you with and/or reinforce your understanding of the most common administrative security and authentication-related configuration tasks in a hands-on, non-production environment.
Skills on-Demand Provides:
- Cloud based Labs
  - Real-world experience of a configured HP ArcSight implementation
  - Perform the activities at your own pace and from any convenient location via standard browser and high-speed internet connection
  - Safe for experimenting, refresh to original state with “a push of a button”
- Prescribed Activities for Analysts and Administrators
  - Guides to ensure most important areas of expertise are covered
  - Based upon Use Cases for Analysts to provide exposure to most demanding areas of daily work
- eMentors
  - Access to eMentors, experienced professionals and instructors, via email, with a committed turnaround time of 24 hours maximum
  - eMentors are dedicated to providing support related to the Prescribed Activities of Skills On-Demand
Activities Included in this Module:
- Active Directory integration
- Establish secure password and login requirements
- Manage ESM user ACLs
- Troubleshoot user access issues
Prerequisites:
To be successful in the activities in this Skills On-Demand, you will have successfully completed:
- ArcSight ESM Administrator or ArcSight ESM Integrator/Administrator [AEIA] and
- 6 months experience with HP ArcSight ESM as a Security Administrator
Delivery Method:
- Eighteen hours web-based access to a virtual environment over a fourteen day period
-
HP ArcSight Skills On-Demand: Administrator Advanced Network and Asset Modeling Module
Description:
This module is intended to give an Administrator of an ArcSight ESM installation the opportunity to perform advanced Network and Asset modeling related configuration tasks in a hands-on, non-production environment.
Skills on-Demand Provides:
- Cloud based Labs
  - Real-world experience of a configured HP ArcSight implementation
  - Perform the activities at your own pace and from any convenient location via standard browser and high-speed internet connection
  - Safe for experimenting, refresh to original state with “a push of a button”
- Prescribed Activities for Analysts and Administrators
  - Guides to ensure most important areas of expertise are covered
  - Based upon Use Cases for Analysts to provide exposure to most demanding areas of daily work
- eMentors
  - Access to eMentors, experienced professionals and instructors, via email, with a committed turnaround time of 24 hours maximum
  - eMentors are dedicated to providing support related to the Prescribed Activities of Skills On-Demand
Activities Included in this Module:
- Build the Network Model and verify that Zones are applied to events so that outbreaks can be tracked across Zones
- Set up an ArcSight Nessus SmartConnector to automatically populate the Asset model and Vulnerability status
- Assign appropriate categories to mission critical Assets so that the CISO can see the business impact as outbreaks are happening
- Extend the Network Model to differentiate between two separate network segments with overlapping IP address ranges
Prerequisites:
To be successful in the activities in this Skills On-Demand, you will have successfully completed:
- ArcSight ESM Administrator or ArcSight ESM Integrator/Administrator [AEIA] and
- At least one additional course such as the ArcSight SmartConnector Foundations and Tool Kit or ArcSight Security and Authentication Skills On-Demand module
Delivery Method:
- Eighteen hours web-based access to a virtual environment over a fourteen day period
-
HP ArcSight Enterprise Security Solutions Architecture
Description:
HP Enterprise Security Solutions Architecture provides participants with hands-on activities based on a practical solutions-based approach to address common business requirements. Methodologies, terms and concepts are explored in progressive examples using built-in product configuration and management facilities. Product architectures are coupled with deployment best-practices within the context of the HP ArcSight product line as a complete log management and event correlation platform.
Objectives:
At the end of this course, you will be able to:
- Identify types of criteria used to define system requirements
- Present a thorough compilation of the various architectures and the pros and cons of each
- Identify integration capabilities and best practices for each product
- Identify data sources and ESM resources required to fulfill the objectives of the use case
- Present multiple real-world scenarios that will be the basis of a complete implementation exercise
Audience:
This advanced course is intended for IT security experts seeking multi-product configuration/integration and practical deployment methodologies for ArcSight Solutions.
Prerequisites:
To be successful in this course, you must have:
- Successfully completed the AESA [formerly ACSA] course or have equivalent hands-on experience
- Successfully completed the AEIA [formerly ACIA] course or have equivalent hands-on experience
- Successfully completed Logger Administration and Operations course or have equivalent hands-on experience
Delivery Method:
- Five-day, instructor-led classroom
-
HP ArcSight ESM Advanced Administration
Description:
The HP ArcSight Advanced Administration course provides you with techniques to proactively analyze and troubleshoot the Oracle 11g database and HP ArcSight ESM manager to provide efficient services to your organization. This course teaches you to design and deploy hierarchical, fault tolerant manager implementations as well as integration strategies between HP ArcSight ESM and other HP ArcSight appliances such as Logger, Connector Appliance, and the NSP products.
Objectives:
At the end of this course, you will be able to:
- Design, deploy and configure an HP ArcSight ESM multi-manager layout for high-availability and fail-over
- Assess and implement integration strategies for HP ArcSight ESM and HP ArcSight appliances
- Provide credentials for HP ArcSight ESM including RADIUS and LDAP/AD
- Use available HP ArcSight and Oracle tools to investigate the health of your installation
- Implement HP ArcSight best practices for backup and recovery for an Oracle 10g database
Audience:
This course is designed for users who need to:
- Install, administer, maintain and troubleshoot HP ArcSight ESM components
- Design and implement integrations between HP ArcSight ESM and other HP ArcSight appliances
- Proactively investigate the health of the HP ArcSight ESM environment including the Oracle 11g database
Prerequisites:
To be successful in this course, you will have an understanding of:
- Common security devices, such as IDS & firewalls
- Common network device functions, such as routers, switches, hubs, etc.
- TCP/IP functions, such as CIDR blocks, subnets, addressing, communications, etc.
- Basic Windows operating system tasks & functions
- Possible attack activities, such as scans, man in the middle, sniffing, DoS, etc., and possible abnormal activities, such as worms, Trojans, viruses, etc.
- SIEM terminology, such as threat, vulnerability, risk, asset, exposure, safeguards, etc.
- Oracle database structures
- 6 months experience administering HP ArcSight ESM
- Completed HP ArcSight ESM Administrator
Delivery Method:
- Four days, instructor-led training at HP ArcSight or Customer on-site
-
HP ArcSight Connectors and Connector Appliance Courses
Administrators:
- HP ArcSight SmartConnector Foundations and Tool Kits
- HP ArcSight FlexConnector Configuration
- HP ArcSight Connector Appliance Administration and Operations
HP ArcSight Logger Courses
Business User:
- HP ArcSight Logger Search and Reporting
Administrators:
- HP ArcSight Logger Administration and Operations
HP ArcSight Express Courses
All Users [CORR-Engine]:
- HP ArcSight Express 3.0 [CORR-Engine] Administration & Operations
All Users [Oracle]:
- HP ArcSight Express 4.5/5.0 [Oracle] Administration & Operations
-
HP ArcSight SmartConnector Foundations and Tool Kits
Description:
The HP ArcSight SmartConnector Foundations course provides you with detailed knowledge to install and configure HP ArcSight SmartConnectors.
Objectives:
At the end of this course, you will be able to:
- Install and configure SmartConnector software via CLI, GUI and the Connector Appliance
- Configure, enable, and disable automated startup
- Add, configure, and remove destinations and fail-over destinations
- Configure aggregation, filtering, batching and time correction functions
- Alter JVM settings, including those required to use more memory and support international locales
SmartConnector Tool Kit includes:
- JDBC Driver Installation
- Windows Unified Connector
- McAfee ePolicy Orchestrator Connector
- CheckPoint OPSEC NG Connector
- Sourcefire eStreamer Connector
- Symantec Endpoint Protection Connector
- Nessus Scanner Connector
FlexConnector Tool Kit includes:
- Delimited File FlexConnector
- Syslog FlexConnector
- RegEx FlexConnector
- SNMP FlexConnector
Audience:
This course is intended for administrators, who need to:
- Deploy and manage HP ArcSight SmartConnectors
Prerequisites:
To be successful in this course, you will have a basic understanding of:
- Common network device functions
- TCP/IP functions, such as CIDR blocks, subnets, addressing, etc.
- Basic Windows operating system tasks
- SIEM terminology, such as threat, vulnerability, risk, asset, exposure, safeguards, etc.
- Security directives, such as Confidentiality, Integrity, Availability
Delivery Method:
- One-day instructor-led, virtual classroom AND approximately 5 hours, self-paced, online, eLearning
- [Tool Kits] Approximately 8 hours, self-paced, online, eLearning
-
HP ArcSight FlexConnector Configuration

Description: HP ArcSight FlexConnector Configuration training provides you with an overview of the HP ArcSight SmartConnectors framework and explains the HP ArcSight ESM Schema. It teaches you how to construct and manipulate FlexConnector configuration and property files and to use various parsing methods including fixed delimited, regular expressions, and database query. Examples from standard connectors are used to illustrate device-specific methodologies. Advanced configuration options such as multi-line Regex, parser linking and conditional mapping are also covered.

Objectives: At the end of this course, you will be able to:
- Given a target event log file and configuration criteria, install HP ArcSight Connector software, configure a functional FlexConnector, and test with an ESM Active Channel
- Use the FlexConnector Wizard to create fixed delimited configuration files
- Use the Regex Tester tool to create common and sub-message parsing and token-to-event mapping
- Given ESM field set display criteria, create a tailored Categorization file for a parent FlexConnector and test its function in an active channel
- Navigate the connector configuration file hierarchy to locate, display and edit appropriate configuration properties files to perform advanced functions such as conditional mapping and parser linking

Audience: This intermediate level course is intended primarily for security administrators, content authors/architects and IT integrators, who build and install custom connectors to provide critical event data feeds to HP ArcSight ESM or Logger. This can include senior analysts for networks, security systems, enterprise applications & databases.

Prerequisites: To be successful in this course, you will have:
- Completed HP ArcSight ESM Security Analyst (AESA) - highly recommended
- Completed HP ArcSight ESM Administrator - highly recommended
- A working knowledge of Regular Expressions

Delivery Method:
- Three days, instructor-led training at HP ArcSight or Customer on-site
HP ArcSight Connector Appliance Administration and Operations

Description: The HP ArcSight Connector Appliance Administration and Operations course provides you with the knowledge to administer, configure, and effectively manage an HP ArcSight Connector Appliance.

Objectives: At the end of this course, you will be able to:
- Identify and differentiate the various HP ArcSight Connector Appliance models and their capabilities
- Install and configure Connector Appliance
- List the components that make up a Connector Appliance and describe how they interoperate
- Mount remote file systems with a Connector Appliance
- Configure a SmartConnector on Connector Appliance
- Configure a software SmartConnector for remote management by Connector Appliance
- Perform complex tasks like batch configuration changes on Connectors
- Upgrade individual SmartConnectors
- Upgrade, Backup and Restore SmartConnectors
- Upgrade, Backup and Restore a Connector Appliance

Audience: This course is intended for administrators, who need to:
- Deploy and maintain HP ArcSight Connector Appliances

Prerequisites: To be successful in this course, you will have a basic understanding of:
- Common network device functions, such as routers, switches, hubs, etc.
- TCP/IP features and functions, such as CIDR blocks, subnets, addressing, communications, etc.
- Windows operating system tasks, such as installations, services, sharing, navigation, etc.
- SIEM terminology, such as threat, vulnerability, risk, asset, exposure, safeguards, etc.
- Security directives, such as Confidentiality, Integrity, Availability.

Delivery Method:
- Two days, instructor-led, virtual classroom
- Approximately 6 hours, self-paced, online, eLearning
HP ArcSight Logger Search and Reporting

Description: HP ArcSight Logger Search and Reporting provides you with task-focused training to quickly configure and use your Logger's event search and reporting capabilities. Learning content is specifically intended for team members of security operations, network operations, auditing and compliance. This course includes exercises on common functionality and procedures to leverage built-in product content as well as custom tailoring techniques to fulfill event search and reporting demands in enterprise security and operations log management environments.

Objectives: At the end of this course, you will be able to:
- Explain and implement event indexing and use the Logger search builder to access field-based, full-text and regex-based event search facilities
- Access and customize search field set display controls and search constraint criteria to refine and tune event search results
- Use Logger search builder to access unified event search facilities, save search queries as filters, saved searches, shared or search group filters
- Access reporting resources to use pre-built reports, copy and customize reports, and manage report groups and categories to control distribution and access to report information
- Run reports as scheduled jobs, ad hoc, or as a background task, publish and archive results according to given distribution and retention criteria

Audience: This is a base-level course that provides you with specific end-user event search and reporting topics intended for team members of security operations, network operations, as well as personnel responsible for auditing and compliance.

Prerequisites: To be successful in this course, you will have:
- Computer desktop, browser, and file system navigation skills
- TCP/IP networking, database concepts and enterprise security experience, which are highly advantageous

Delivery Method:
- Approximately 3 hours, self-paced, online, eLearning

NOTE: This course is a subset of the HP ArcSight Logger Administration & Operations eLearning course. If you have purchased, or plan to purchase, the HP ArcSight Logger Administration & Operations eLearning course, DO NOT purchase this course.
HP ArcSight Logger Administration and Operations

Description: HP ArcSight Logger Administration and Operations provides you with comprehensive training to quickly configure your Logger Appliance or Downloadable Software Logger and bring it into an operational state. Learning content is specifically intended for team members of security operations, network operations, auditing and compliance. This course includes hands-on training exercises on common functionality and procedures to tailor and maintain HP ArcSight Logger.

Objectives: At the end of this course, you will be able to:
- Initialize Logger Appliance or install Software Logger, establish network connection, implement initial Logger storage, retention policy, and event indexing
- Configure event source devices/device groups, such as event Receivers, Forwarders, etc. and optional connector management facilities
- Establish and manage Logger user/group controls
- Use the Logger search builder to access unified event search facilities, save search queries as filters, saved searches, scheduled alerts, shared or search group filters
- Access reporting resources to view pre-built reports, copy and customize reports, and manage report groups and categories to control distribution and access to report information

Audience: This is a base-level course that provides specific content to perform system administrative and IT integration initial setup tasks for HP ArcSight Logger Appliance or Software form factors, version 5.0. Additional end-user topics are intended for team members of security operations, network operations, as well as personnel responsible for security auditing and compliance.

Prerequisites: To be successful in this course, you will have:
- Computer desktop, browser, and file system navigation skills
- TCP/IP networking, database concepts and enterprise security experience

Delivery Method:
- Three days, instructor-led training at HP ArcSight or Customer on-site
- Three days, instructor-led, virtual classroom
- Approximately 14 hours, self-paced, online, eLearning
HP ArcSight Express Administration and Operations [Oracle]

Description: The HP ArcSight Express Administration and Operations course provides you with comprehensive training for HP ArcSight Express. This course includes hands-on training exercises on packaged content and functionality for you to bring the HP ArcSight Express appliance into production environments.

Objectives: At the end of this course, you will be able to:
- Use HP ArcSight Express built-in content, such as standard Channels, Filters, Rules, Active Lists and Reports, to make HP ArcSight Express ready to use upon initial installation.
- Configure Network and Asset Modeling to build custom business-oriented views within the HP ArcSight Express environment
- Utilize HP ArcSight Express monitoring and detection features to isolate, investigate, analyze, and remediate exposed security issues to provide situational awareness and real time incident response
- Given Storage Appliance network and business access requirements, configure global, platform, and system settings for both appliance and user resources
- Utilize Search and Report Query facilities to define and locate matching events from the Storage Appliance and deploy high usage queries as filters, saved searches, or scheduled reports

Audience: This course is intended for all users of the HP ArcSight Express appliance, including members of security operations, network operations, as well as those responsible for auditing and compliance. It is designed for users who need to:
- Administer the HP ArcSight Express appliance
- Perform IT integration tasks for both the HP ArcSight Express and Logger Storage Appliances
- Utilize the Search and Report Query facilities

Prerequisites: To be successful in this course, you will have:
- Computer desktop, browser, and file system navigation skills
- TCP/IP networking, database concepts and enterprise security experience are highly advantageous

Delivery Method:
- Five days, instructor-led training at HP ArcSight or Customer on-site
- Five days, instructor-led, virtual classroom
- Approximately 32 hours, self-paced, online, eLearning
HP ArcSight Express Administration and Operations [CORR-Engine]

Description: The HP ArcSight Express Administration and Operations course provides you with comprehensive training for HP ArcSight Express. This course includes hands-on training exercises on packaged content and functionality for you to bring the HP ArcSight Express appliance into production environments.

Objectives: At the end of this course, you will be able to:
- Use HP ArcSight Express built-in content, such as standard Channels, Filters, Rules, Active Lists and Reports, to make HP ArcSight Express ready to use upon initial installation
- Configure Network and Asset Modeling to build custom business oriented views within the HP ArcSight Express environment
- Utilize HP ArcSight Express monitoring and detection features to isolate, investigate, analyze, and remediate exposed security issues to provide situational awareness and real time incident response
- Configure HP ArcSight settings, system settings, and user resources appropriately
- Create custom content
- Access reporting resources to use pre-built reports, copy and customize reports, create report dashboards, and manage report groups and categories to control distribution and access to report objects and published information

Audience: This course is intended for all users of the HP ArcSight Express appliance, including members of security operations, network operations, as well as those responsible for auditing and compliance. It is designed for users who need to:
- Administer the HP ArcSight Express appliance
- Perform IT integration tasks for both the HP ArcSight Express Appliances
- Utilize the Search and Report Query facilities

Prerequisites: To be successful in this course, you will have:
- Computer desktop, browser, and file system navigation skills
- TCP/IP networking, database concepts and enterprise security experience are highly advantageous

Delivery Method:
- Five days, instructor-led training at HP ArcSight or Customer on-site
- Five days, instructor-led, virtual classroom
- Approximately 32 hours, self-paced, online, eLearning

NOTE: This course is intended for AE 3.0 with the CORR-Engine, not AE 4.5/5.0 Oracle. This course only covers the following deployment model: