ArcSight-Platform-Installing and Configuring ArcSight Platform

Module 1: Architecture

• Describing the ArcSight Platform and its Architecture
• Describing the underlying CDF infrastructure
• Identifying the ArcSight Platform Capabilities
• Explaining other related components to the Platform
• Considerations and Best Practices

Module 2: System Requirements

• Describing the following:
  • System Requirements
  • Host Requirements
  • DNS requirements
  • NFS Requirements
  • ArcSight Database

Module 3: YAML Files

• Configuring the ArcSight Platform YAML Files

Module 4: Installing ArcSight Platform

• Pre-installing ArcSight
• Installing ArcSight

Module 5: Post-Install Activities

• Checking the status of the ArcSight Platform Installation
• Accessing and exploring the ITOM Management Portal
• Running the post-install command to finalize the deployment
• Uploading License Files under the ITOM Management Portal
• Logging into Fusion for the First Time

Module 6: Transformation Hub Management from Fusion ArcMC

• Validating a successful integration between Transformation Hub and the new containerized ArcMC available in Fusion
• Retrieving the master root certificate

Module 7: Producing Events and Transformation Hub Ingestion

• Recognizing and describing how events are produced
• Describing event formats: classic (CEF) and AVRO
• Installing a CEF Producer and AVRO Producer of events
• Detailed walkthrough of the configuration steps and all parameters
• Sending Test Alerts Replay Events to Transformation Hub
• Validating Topics and Transformation Hub Ingestion

Module 8: Collectors and CTH Deployment from ArcMC

• Defining the difference between a Collector and Connector
• Listing the advantages of using Collectors
• Describing what’s needed to perform a Collector Deployment using ArcMC
• Deploying CTH from ArcMC and route events from th-syslog to other topics

Module 9: Topic and Route Management

• Managing Topic and Routes
• Local vs Global Event Enrichment
• Types of Stream Processor Instances in Transformation Hub
• Configuring Topics and Routes – Step by Step Example for Global Event Enrichment

Module 10: Integrating ESM and SOAR

• Configuring the ESM and SOAR Integration
• Verifying a Successful Integration

Module 11: Enabling Single Sign-On

• Configuring the ESM Admin User for Single Sign-on
• Enabling Single Sign-on

Module 12: Managing Users in ArcSight

• Managing ArcSight Users Overview
• Managing ESM Users
• Managing Fusion Users
• Managing SOAR Users
• Defining Recon User Permissions and Roles
• Defining Intelligence User Permissions and Roles

Module 13: Adding More ArcSight Capabilities

• Describing the benefits of adding more ArcSight capabilities
• Adding more ArcSight capabilities
• Specify mandatory filtering on pre-defined fields or user-specified fields
• Create lookup values for field attributes
• Create and use parameters and parameter groups