Course details
3-7307 – ArcSight Management Center (ArcMc) Administration
EDU Trainings s.r.o.
Course description
This course is designed to provide ArcSight System Administrators with the foundational and hands-on skills needed to effectively centralize the administration and monitoring of various ArcSight components, such as Transformation Hub, Logger, SmartConnectors, FlexConnectors, and other standalone ArcSight Management Center (ArcMC) devices in the ArcSight ecosystem.
It covers ArcMC version 24.1: Core ArcMC (formerly known as Fusion) and Software ArcMC (standalone).
Highlights:
Installing and Configuring Software ArcMC
Configuring Core ArcMC in an ArcSight Platform instance
Centrally Configuring, Monitoring and Deploying Connectors
Using Configuration Templates to facilitate the administration of ArcSight Components
Tools to manage users and groups in standalone ArcMCs and Loggers
Implement monitoring of various metrics for ArcSight components and devices
On completion of this course, participants should be able to:
Describe ArcMC product features
Perform the installation and administration of standalone ArcMC devices
Perform the configuration of Core ArcMC in an ArcSight Platform instance
Implement Role-based access to manage users and groups for Loggers and ArcMCs
Identify the scenarios for using ArcMC Node Management and Configuration Management features
Perform rapid installation of connectors using ArcMC Instant Connector Deployment feature
Centrally enable monitoring and alerts for managed ArcSight components
Create Configuration Templates to rapidly configure subscribers and identify non-compliant managed components.
Understand the upgrade process for Connectors, Loggers and standalone ArcMCs
Course content
Chapter 1: Introduction to Product Features and Architecture
Describe problems ArcSight Management Center solves
Recognize the ArcSight Platform architecture
Describe where ArcMC fits in the ArcSight Platform
Understand the deployment options for ArcMC functionality: containerized or standalone (also known as non-containerized)
Chapter 2: Installing Software ArcMC (Non-Containerized)
Recognize the requirements for installing Software ArcMC
Describe the installation steps for Software ArcMC
Recognize uploading ArcMC licenses and start/stop of ArcMC processes
Describe how the ArcMC product’s UI is organized
Log into the ArcMC UI to verify a healthy operational status
Chapter 3: System Administration for ArcMC (Non-Containerized)
Describe the System Admin Sub-Menu options in the UI interface
Differentiate ArcMC Appliance and Software ArcMC System Admin capabilities
Locate and configure software ArcMC device settings
Define a Password Policy and Login Banner for ArcMC users
Review and configure Sys Admin settings, including defining a password policy and login banner
Chapter 4: Node Management with Fusion ArcMC (Containerized) – ArcMC and Logger Nodes
Recognize how ArcMC uses Node Management to manage ArcMC (non-containerized) instance and Logger node types
Describe the Node Management Tasks available in the ArcMC Console
Understand how to add nodes from a host
Learn how to import hosts from a CSV file
Identify, add, and organize ArcSight hosts and nodes using locations
Describe ArcMC Agent functionality and installation and upgrade steps
Understand how the initial configuration feature serves as a rapid and uniform setup for multiple ArcSight Loggers
Create location management entities
Import software ArcMC and Logger nodes using manual and bulk operations
Address credential issues and upgrade the ArcMC agent version
Chapter 5: Node Management – Importing Hosts with Connectors using Core and Software ArcMC Consoles
Recognize how ArcMC uses Node Management to manage Hosts with Connectors node type.
Gain experience installing and configuring Connectors
Learn how to import a host with connectors
Identify the steps to re-scan a host to bring new Connectors as managed nodes
Explore how a single host can comprise multiple nodes (connectors) for management purposes
Describe the Node Management tools to manage connectors, containers, and destinations through the ArcMC interface
Recognize the Health indicators in the ArcMC Monitoring Summary dashboard
Install a connector via SmartConnector wizard
Describe the steps to import Windows and Linux hosts with connectors as ArcMC managed nodes
Chapter 6: Node Management – Managing Connector Parameters using ArcMC Console
Recognize how ArcMC uses Node Management to centrally manage Connectors’ Configuration settings
Describe the main connector managed components: container, connector configuration and destination configuration
Manage Connector parameters using Core ArcMC Console
Pull and review audit logs generated by connectors via Core ArcMC console
Describe how Node Management deals with day-to-day operations and fine tuning of Hosts with Connector nodes
Chapter 7: Configuration Management
Describe how ArcMC Configuration Management works
Identify the differences between Initial configurations and subscriber configurations
Create various subscriber configurations
Discuss Best Practices for use of configuration management
Create configuration templates for managing settings in managed software ArcMC, Logger and Connectors
Create policies to manage several types of receivers in Logger nodes
Consolidate Filter resources in Logger nodes
Create mapping file configuration for managed connectors
Create configuration baselines for managed nodes
Manage ArcSight Network Model resources such as Networks and Zones settings for managed connectors
Chapter 8: Managing Users on Managed Products
Describe how user management and role-based access control are applied to managing users in an ArcSight Deployment
Describe the different components that make up User Management
Run and investigate non-compliant user configurations
Implement role-based access control (RBAC) for standalone ArcMCs and Logger devices
Describe the steps to generate compliance reports to list and validate users/groups/roles implemented in managed nodes
Chapter 9: Documenting Capabilities in ArcSight Platform Instance
Identify the ArcSight Platform capabilities using ITOM and Core Interfaces
Describe the configuration of ArcSight Platform to enable ArcMC functionality known as Core ArcMC
Articulate how the Core UI is organized
Describe how to validate the state of ArcSight Platform components (pods) using CLI and ITOM Interface
Document the capabilities deployed in your ArcSight Platform instance
Identify the versions of Core (Fusion) and Transformation Hub capabilities
Recognize the dependencies between Fusion, Transformation Hub and ArcMC
Chapter 10: Managing Transformation Hub – Importing Host in Core ArcMC
Describe the steps to integrate Transformation Hub (TH) and ArcMC
Describe and configure Producers and Consumers in TH
Identify the state of TH in the Summary Dashboard
Import Transformation Hub as a managed node using the Core ArcMC interface
Manage Connectors with Transformation Hub Destinations
Identify the steps to configure ESM and Logger as Transformation Hub Consumers
Chapter 11: Managing Transformation Hub – Routing Events Between Topics
Recognize the configuration properties for topic and routing rules resources
Describe the steps to create Kafka topics in Transformation Hub via Core ArcMC interface
Configure Route and Filter of Events Between Topics from Core ArcMC interface
Describe the steps to set a Logger consumer to pull events from a newly created topic
Recognize the ArcMC Monitoring Dashboards to validate event routing configuration and operation
Chapter 12: Managing Breach Rules and Monitoring Dashboards in ArcMC
Describe the steps to create breach rules for managed nodes and devices
Identify the built-in monitoring rules and dashboards
Recognize ArcMC Monitoring Dashboards to determine node and device health
Describe the steps to Inspect Audit logs in ArcMC generated by breach rules
Chapter 13: Generator ID Management in ArcMC
Recognize Global Event ID Design and Features
Describe the steps to configure ArcMC as a Generator ID Manager
Recognize how ArcMC assigns Generator IDs to Managed Nodes
Describe the steps to assign Generator IDs to software ArcMC (non-containerized) and Logger processes via ArcMC Generator ID Manager
Identify the assigned Generator IDs using the Generator ID Manager panel
Chapter 14: ArcMC Product Administration – Application Tools
Describe the ArcMC tools under the Administration > Application menu: Backup, Restore, Snapshot, Logger Data Consumption Report
Describe the steps to perform rapid installation of connectors using ArcMC’s Instant Deployment feature
Recognize how Audit Events are forwarded by a standalone ArcMC Software instance
Describe the steps to install and configure a Syslog Connector via Configuration Management Templates
Identify ArcMC Audit Events in standalone ArcMC Software and Logger Interfaces
Chapter 15: ArcMC Product Administration – Repositories and Node Upgrades
Recognize how ArcMC repositories are used to upload upgrade or content update files
Identify the steps to upgrade Logger and standalone ArcMC Software managed nodes
Perform upgrade of Connectors Framework and parser using ArcSight Update Files
Describe the steps to perform the remote upgrade of Loggers, Software ArcMC and Connectors via Core (Fusion) ArcMC interface.
Describe the steps to install, configure and upgrade Syslog Connectors using ArcMC interface
Certificate
On request.