ArcSight ESM Advanced Analyst - CSE (ESM320)

Course Description Agenda Course Outline

Course Overview

This course provides you with the knowledge required to use advanced ArcSight ESM 6.11 content to find and correlate event information, perform actions such as notifying stakeholders, graphically analyze event data, and report on security incidents. You will familiarize and/or reinforce your understanding of the advanced correlation capabilities within ArcSight ESM that provide a significant edge in detecting active attacks. This course covers ArcSight security problem solving methodology using advanced ArcSight ESM 6.11 content to find, track and remediate security incidents. During the training, you will use variables and correlation activities, customize report templates for dynamic content, and customize notification templates to send the appropriate notification based upon specific attributes of an event.

A qui s'adresse cette formation

This course is intended for:

  • Define their organization’s security objectives
  • Build or use advanced content to correlate, view and respond to those security objectives


To be successful in this course, you should have the following prerequisites or knowledge:

  • Common security devices such as IDS and firewalls
  • Common network device functions, such as routers, switches, and hubs
  • TCP/IP functions such as CIDR blocks, subnets, addressing, and communications
  • Basic Windows operating system tasks and functions
  • Possible attack activities, such as scans, man in the middle, sniffing, DoS, and possible abnormal activities, such as worms, Trojans, and viruses
  • SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards
  • Completed the ArcSight ESM Administrator and Analyst ATP course or 6 months experience administering ArcSight ESM


Upon successful completion of this course, you should be able to:

  • Navigate ArcSight ESM console and command center to correlate, investigate, analyze and remediate both exposed and obscure threats
  • Construct ArcSight variables to provide advanced analysis of the event stream
  • Develop ArcSight lists and rules to allow advanced correlation activities
  • Optimize event-based data monitors to provide real-time viewing of event traffic and anomalies
  • Design new report templates and create functional reports
  • Find events through the search tools


  • Module 1: ESM Overview
  • Module 2: ArcSight console
  • Module 3: ESM Active Channels
  • Module 4: ESM Filters
  • Module 5: Data Monitors and Dashboards
  • Module 6: Variable Customization
  • Module 7: ESM Lists
  • Module 8: ESM Rules
  • Module 9: Query Viewers Authoring
  • Module 10: ESM Reports
  • Module 11: Unified Event Search Tools
Classroom training
Modality: G

Durée 5 jours

Dates et Inscription
Formation en ligne
Modality: U

Durée 5 jours

Dates et Inscription
pointer une ville pour s'enregistrer Agenda

Actuellement pas de date de disponible  For enquiries please write to

04.11. - 08.11.2019 Munich