ArcSight Logger + 6.0 Administration and Operations – ASE (Instructor Led) 2017-10-24T15:20:10+00:00




The trainings are held in German with English course materials. You are welcome to ask us for dates at: info(at) or request your preferred date right here >>


ArcSight Logger Administration and Operations provides you with comprehensive training to quickly configure your Logger Appliance or Downloadable Software Logger and bring it into an operational state. Learning content is specifically intended for team members of security operations, network operations, auditing and compliance.

This course includes hands-on training exercises on common functionality and procedures to tailor and maintain ArcSight Logger. Leverage built-in product content out of the box, or optimize it further, to fulfill event search and reporting demands in enterprise security and operations log management environments.


At the end of this course, you will be able to:

  • Initialize Logger Appliance or install Software Logger, establish network connection, implement initial Logger storage, retention policy, and event indexing.
  • Configure event source devices/device groups, event Receivers, Forwarders, Destinations, supporting security authentication settings, and optional connector management facilities.
  • Establish and manage Logger user/group controls, specify global login, password, resource authorization and authentication settings, alerts and notification policies.
  • Use the Logger search builder to access unified event search facilities, save search queries as filters, saved searches, scheduled alerts, shared or search group filters.
  • Access reporting resources to view pre-built reports, copy and customize reports, and manage report groups and categories to control distribution and access to report information.


This is a base-level course that provides specific content to perform system administrative and IT integration initial setup tasks for ArcSight Logger Appliance or Software form factors. Additional end-user topics are intended for team members of security operations, network operations, as well as personnel responsible for security auditing and compliance.


To be successful in this course, you will have:

  • Computer desktop, browser, and file system navigation skills
  • TCP/IP networking, database concepts and enterprise security experience are highly advantageous


Module 1 – Introduction to Logger

  • Basic features and functionality
  • Logger form factors, models, speeds and feeds
  • Deployment scenarios, use cases
  • Basic architecture and data flow
  • Hardware and software specifications

Module 2 – Installing and Initializing Logger Appliance

  • Logger Installation and Initialization
  • Logging in to Logger
  • Setting up initial network connections (NICs)

Module 3 – Installing and Initializing Software Logger

  • Install and configure Software Logger
  • Perform Software Logger updates
  • Uninstall Software Logger

Module 4 – Navigating Logger

  • Logger gauges, menu bar, help/options
  • Navigation and window controls
  • Structure of subtabs, menus, options, etc.

Module 5 – Logger Configuration Settings

  • Devices
  • Event Archives
  • Storage
  • Event Input/Output
  • Alerts
  • Scheduled Tasks
  • Filters
  • Saved Search
  • Search Optimization
  • Peer Loggers
  • Configuration Backup
  • System Maintenance
  • Retrieve Logs
  • Content Import

Module 6 – Configuring Event Input and Output

  • Receivers – CEF and raw event data capabilities
  • Forwarders and ESM Destinations
  • Devices and Device Groups
  • Event I/O SSL Certificates

Module 7 – System Admin Settings

  • System sub-menu
  • Logs sub-menu
  • Storage sub-menu
  • Security sub-menu

Module 8 – Managing Users and Groups

  • User Group Privileges
  • Managing User Groups
  • Managing Users
  • Managing User Authentication

Module 9 – Event Search

  • Search UI
  • Unified Search and Pipeline Operator Facilities
  • Wild Cards
  • Auto-suggest
  • Indexing

Module 10 – Search Tools

  • Query Expressions (Filters)
  • Time Ranges and Field Sets
  • Creating Queries using Search Builder
  • Pipeline Operators
  • Refining and Rerunning Searches
  • Live Event Viewer

Module 11 – Filters, Saved Searches, and Scheduled Alerts

  • Saving and Retrieving a Query
  • Types of Filters
  • Managing Filters
  • Creating Saved Search and Scheduled Alert Jobs
  • Saving and Exporting Search Results
  • Searching from the ESM Console

Module 12 – Logger Reports

  • Types of Reports
  • Viewing Reports
  • Report Task Options
  • Scheduling Reports Jobs
  • Report Administration

Module 13 – Designing Reports

  • Copying and Editing Reports
  • Using the Adhoc Report Designer
  • Editing a report from its results display page
  • Customizing a report layout using the Adhoc Template Configuration

Module 14 – Generating Reports

  • Search Queries vs. Report Queries
  • Creating and Editing Queries for Reports
  • Using the SQL Editor
  • Report Query Field Attributes and Properties
  • Parameters and Parameter Groups

Module 15 – Using and Designing Report Dashboards

  • About Dashboards
  • Dashboards and Report Home Pages
  • Creating a Report Dashboard

Module 16 – Alerts and Notifications

  • Configuring Notification Destinations
  • Configuring Realtime Alerts and Notifications
  • Viewing Alerts
  • Exporting Alerts

Module 17 – Import, Export, Backup, and Restore

  • Import and Export Logger alerts and queries
  • Backup and Restore Logger reports and configuration
  • Archiving Events
  • Retrieving Audit and Error Logs
