Course Overview
This instructor-led course teaches you how to install and configure ArcSight Platform 23.2 on-premise with the ArcSight Platform Installation program.
Who should attend
This course is designed for Security Professionals and SOC Administrators, who are responsible for deploying and administrating the ArcSight Platform within their environment.
Prerequisites
To be successful in this course, you should have the following prerequisites or knowledge:
- ESM200 - ESM Administrator and Analyst or comparable ArcSight experience
- Experience working with command line tools
- Experience deploying applications in Windows and Linux environments
- Computer desktop, browser, and file system navigation skills
- Two Monitors to make it easy to review the guides on one screen, and the lab on the second screen
Course Objectives
On completion of this course, participants should be able to:
- Describe the ArcSight Platform and its Architecture
- Describe the system requirements
- Install ArcSight Platform
- Verify a successful installation
- Configure ArcSight Platform to ingest events
- Configure collectors and CTH with ArcMC
- Configure Topics and Routes
- Configure ESM and SOAR Integration
- Manage ArcSight Users
- Enable Single Sign-On
- Add features to an existing ArcSight installation
Course Content
- Architecture
- System Requirements
- YAML Files
- Installing ArcSight Platform
- Post-Install Activities
- Transformation Hub Management from Fusion ArcMC
- Producing Events and Transformation Hub Ingestion
- Collectors and CTH Deployment from ArcMC
- Topic and Route Management
- Integrating ESM and SOAR
- Enabling Single Sign-On
- Managing Users in ArcSight
- Adding More ArcSight Capabilities