AlienVault USM Appliance for Security Engineers 5 day course outline. Module 2: USM Appliance Basic Configuration and Verifying Operations

Similar documents
Module 2: AlienVault USM Basic Configuration and Verifying Operations

Version 5.3 Rev A Student Guide

Integration Guide. AlienVault Unified Security Management (USM)

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

NetVault Backup Web-based Training Bundle - 2 Student Pack

Administering VMware vsphere and vcenter 5

Administering a SQL Database Infrastructure (M20764)

"Charting the Course... MOC A: Administering System Center Configuration Manager. Course Summary

Administering System Center Configuration Manager

NETVAULT BACKUP SYSTEM ADMINISTRATION COMPLETE - INSTRUCTOR LED TRAINING

VMware vsphere with ESX 6 and vcenter 6

Administering System Center Configuration Manager

Server Virtualization with Windows Server Hyper- V and System Center

Firepower Management Center High Availability

Training for the cyber professionals of tomorrow

A: Administering System Center Configuration Manager

Course A: Administering System Center Configuration Manager

The following topics describe how to use backup and restore features in the Firepower System:

Course 6231A: Maintaining a Microsoft SQL Server 2008 Database

ADMINISTERING SYSTEM CENTER CONFIGURATION MANAGER

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

Course 6231A: Maintaining a Microsoft SQL Server 2008 Database

Course: 2553A Administering Microsoft SharePoint Portal Server 2003

Oracle Hyperion EPM Installation & Configuration ( ) NEW

Provisioning SQL Databases

2554 : Administering Microsoft Windows SharePoint Services and SharePoint Portal Server 2003

Designing a Microsoft SharePoint 2010 Infrastructure

Microsoft Administering System Center Configuration Manager

VMware vsphere 6.5: Install, Configure, Manage (5 Days)

SQL Server Course Administering a SQL 2016 Database Infrastructure. Length. Prerequisites. Audience. Course Outline.

Administering System Center Configuration Manager

Backup and Restore Introduction

CISSP - Certified Information Systems Security Professional

Maintaining a Microsoft SQL Server 2008 Database (Course 6231A)

20745B: Implementing a Software- Defined DataCenter Using System Center Virtual Machine Manager

Maintaining a Microsoft SQL Server 2005 Database Course 2780: Three days; Instructor-Led

COURSE 20462C: ADMINISTERING MICROSOFT SQL SERVER DATABASES

"Charting the Course... MOC B Active Directory Services with Windows Server Course Summary

"Charting the Course... Implementing Cisco Telepresence Video Solutions Part 2 (VTVS2) Course Summary

: 20696C: Administering System Center Configuration Manager and Intune

Course CXS-203 Citrix XenServer 6.0 Administration

Deploying System Center 2012 Configuration Manager Course 10748A; 3 Days

Course Outline. Administering Microsoft SQL Server 2012 Databases (Course & Lab) ( Add-On )

MS-20462: Administering Microsoft SQL Server Databases

Administering System Center Configuration Manager ( A)

USM Anywhere AlienApps Guide

Active Directory Services with Windows Server

Digital Defense Frontline VM 6.0

MD-100: Modern Desktop Administrator Part 1

Advanced Technologies of SharePoint 2016

Advanced Technologies of SharePoint 2016

McAfee Security Connected Integrating epo and MVM

Provisioning SQL Databases

Administering System Center Configuration Manager and Intune

ALIENVAULT USM FOR AWS SOLUTION GUIDE

SIEM (Security Information Event Management)

NE Server Virtualization with Windows Server Hyper-V and System Center. Windows Server Summary. Introduction.

"Charting the Course... MOC C: Administering an SQL Database Infrastructure. Course Summary

Citrix NetScaler 10.5 Essentials for ACE Migration (CNS-208)

10969: Active Directory Services with Windows Server

Microsoft Exchange Server 2013

Tenable for Palo Alto Networks

"Charting the Course... MOC /2: Planning, Administering & Advanced Technologies of SharePoint Course Summary

Managing Microsoft 365 Identity and Access

Administering System Center Configuration Manager ( )

BrainDumps.C _35,Questions

Planning and Administering SharePoint 2016

Qualys Cloud Suite 2.28

MS-20696: Managing Enterprise Devices and Apps using System Center Configuration Manager

CompTIA Cybersecurity Analyst+

ACTIVE DIRECTORY SERVICES WITH WINDOWS SERVER

Administering System Center 2012 Configuration Manager

Implementing a Software-Defined DataCenter

System Center Course Administering System Center Configuration Manager. Length. Audience. 5 days

20462: Administering Microsoft SQL Server 2014 Databases

COURSE OUTLINE. COURSE OBJECTIVES After completing this course, students will be able to: 1 - INSTALLING & CONFIGURING DCS

M20696 Administering System Center Configuration Manager and Intune

Administer System Center Configuration Manager for Desktop Support

Course 20416B: Implementing Desktop Application Environments Page 1 of 7

Detail the learning environment, remote access labs and course timings

Detector Service Delivery System (SDS) Version 3.0

SCCM 2012 Course Details

Writing Reports with Report Designer and SSRS 2014 Level 1

Application Notes for Installing and Configuring Avaya Control Manager Enterprise Edition in a High Availability mode.

McAfee Enterprise Security Manager 10.3.x Release Notes

What s in Installing and Configuring Windows Server 2012 (70-410):

NE Administering System Center Configuration Manager and Intune

Advanced Technologies of SharePoint 2016 ( )

Administrator Guide. Flexible Storage

A: Administering System Center Configuration Manager

Windows 8 Boot Camp 6439; 5 Days, Instructor-led

Administering System Center Configuration Manager

Task Scheduling. Introduction to Task Scheduling. Configuring a Recurring Task

Identity with Windows Server 2016

SharePoint 2016 Administrator's Survival Camp

At Course Completion: Course Outline: Course 20742: Identity with Windows Server Learning Method: Instructor-led Classroom Learning

Microsoft Implementing a Software-Defined DataCenter

: Course 55021A : Configuring and Administering Hyper-V in Windows Server 2012

10748: Planning and Deploying System Center 2012 Configuration Manager

MS : Installation and Deployment in Microsoft Dynamics CRM 2013

Transcription:

AlienVault USM Appliance for Security Engineers 5 day course outline Course Introduction Module 1: Overview The Course Introduction provides students with the course objectives and prerequisite learner skills and knowledge for the AlienVault USM Appliance for Security Engineers 5-day course. The Course Introduction presents the course flow diagram and the icons that are used in the course illustrations and figures. This module provides an overview of AlienVault Unified Security Management (USM ) and the AlienVault USM Appliance product. Upon completing this module, you will meet these objectives: Understand the basic function of USM Appliance Describe the USM Appliance architecture Describe AlienVault Labs and the threat intelligence it provides This module includes these topics: AlienVault USM overview USM Appliance Architecture AlienVault Labs and Open Threat Exchange (OTX ) Module 2: USM Appliance Basic Configuration and Verifying Operations This module describes USM Appliance installation, basic configuration and verification, and graphical user interface. Upon completing this module, you will meet these objectives: Describe the graphical user interface Understand how to work with the menus and options available on the graphical user interface Verify basic operations Initial Setup User Interface Settings and Support Primary and Secondary Menus Environment Snapshot Basic Configuration Verify Basic Operations Lab 2-1: USM Appliance Basic Configuration Lab 2-2: Verify USM Appliance Basic Operations

Module 3: Asset Management This module describes USM Appliance asset management. Upon completing this module, you will meet these objectives: Define assets Describe asset management Add assets to the asset database Configure and schedule asset discovery Configure and manage assets using asset groups, networks, and asset labels Asset Overview Navigating the Assets UI Managing Assets Adding Assets Asset Discovery Scans Asset Groups Networks and Network Groups Asset Labels Lab 3-1: Manage USM Appliance Assets Module 4: Configuring Data Sources This module describes USM Appliance security intelligence, which uses data source plugins to normalize events from various data sources. It also includes correlation to detect security threats by tracking behavior patterns. Upon completing this module, you will meet these objectives: Describe data aggregation and normalization Describe data sources and how they work Enable different data sources Understand how events are processed Calculate risk for events Correlate events This module includes these topics: Data Aggregation and Detection Data Sources Enabling Data Source Plugins Working with Events Risk Calculation Correlation Page 2 of 9 AlienVault USM Appliance for Security Engineers v5.3.5 Rev A Copyright 2017 AlienVault. All rights reserved.

Module 5: Policies and Actions This module describes USM Appliance policies which are used to influence event processing, and to filter unnecessary events and false positives. The module also describes actions that can be configured as policy consequences. Upon completing this module, you will meet these objectives: Navigate the policies user interface Configure policy actions Configure policies for events Configure policies for directive events Policy UI Overview Policies for Events Configuring Actions Policies for Directive Events Policy Example Configurations Lab 5-1: Configure Policies and Actions Module 6: Correlation Directives This module describes how to customize security intelligence in USM Appliance. This module describes how to customize or create new correlation directives. Upon completing this module, you will meet these objectives: Understand logical correlation in USM Appliance Describe correlation directives Create a custom correlation directive Logical Correlation Correlation Directives Custom Correlation Directives Create Custom Correlation Directive Lab 6-1: Configure a Custom Correlation Directive Module 7: Threat Detection This module describes USM Appliance threat detection functionalities. The module describes the Intrusion Detection System (IDS) and the USM Appliance IDS functionalities: network IDS, and host IDS. The module also describes the USM Appliance vulnerability assessment functionality. Upon completing this module, you will meet these objectives: Configure network IDS Configure host IDS through the Environment screen Copyright 2017 AlienVault. All rights reserved. Course Outline Page 3 of 9

Configure host IDS through the Assets screen Configure and perform vulnerability assessment Network IDS Host IDS Deploying HIDS Environment Deploying HIDS Assets Vulnerability Assessment Lab 7-1: Deploy USM Appliance Threat Detection Features Module 8: Behavioral Monitoring This module describes USM Appliance behavioral monitoring functionalities. The module first (briefly) describes log collection, followed by NetFlow collection. The module also explains the availability monitoring functionality. Upon completing this module, you will meet these objectives: Describe and configure log collection Describe and configure NetFlow collection Describe and configure availability monitoring Log Collection NetFlow Availability Monitoring Lab 8-1: Deploy USM Appliance Availability Monitoring Module 9: OTX This module describes the Open Threat Exchange (OTX). The module describes OTX and pulses, then how to follow and subscribe to other users and their pulses. Finally, students will create their own pulses. Upon completing this module, you will meet these objectives: Describe OTX and its important concepts Set up an OTX account Search and subscribe to pulses and follow other OTX users Create a pulse for OTX Open Threat Exchange Setting up an OTX Account Searching and Subscribing to Pulses Creating a Pulse Page 4 of 9 AlienVault USM Appliance for Security Engineers v5.3.5 Rev A Copyright 2017 AlienVault. All rights reserved.

Lab 9-1: Setting up and using OTX Module 10: Security Analysis This module describes security analysis of alarms and events produced by USM Appliance. The module starts with a description of a security analysis process, reviews Dashboards and Alarms, and then provides a detailed breakdown of the steps and tools available during the process of security analysis. Upon completing this module, you will meet these objectives: Describe the Security Analysis Process Examine the dashboards Remediate the alarms in USM Appliance Investigate events in USM Appliance Check raw logs for more details Examine packet captures for more details about an event File tickets to manage event investigation Security Analysis Process Overview Dashboards Remediate Alarms Investigate Events Check Raw Logs Examine Packet Captures File Tickets Lab 10-1: Perform Security Analysis Module 11: System Maintenance This module describes USM Appliance system maintenance. The module first describes how long USM Appliance stores alarms, events, and logs, and how you can modify retention settings. The module also describes how to perform event and full system backup and restore. Upon completing this module, you will meet these objectives: Describe alarms, events, and log retention Describe how to backup and restore of events data Describe how to backup and restore of configuration data Event, Alarm, and Log Retention Event Backup and Restore Configuration Backup Configuration Restore Copyright 2017 AlienVault. All rights reserved. Course Outline Page 5 of 9

Lab 11-1: Maintain USM Appliance System Module 12: Administrative User Management This module describes USM Appliance administrative user management. The module first describes the administrative user account that is the default account to manage the web UI. The module continues to describe how to change settings of an administrative user, how to manage administrative user accounts, and how to manage global authentication settings. The module also describes administrative user activity accounting, and how to perform admin user account password recovery. Upon completing this module, you will meet these objectives: Describe administrative user management Manage user profiles Manage administrative users Describe administrative user accounting Manage global authentication settings Recover admin user account password Administrative User Management Configuring an Administrative User Manage Global Authentication Settings Administrative User Accounting Recover Admin Password Lab 12-1: Manage Administrative Users Module 13: USM Appliance Deployment This module describes USM Appliance deployment options and explains how to prepare for deployment. Upon completing this module, you will meet these objectives: Understand how to deploy USM Appliance components Understand various types of deployment Understand Correlation Contexts and Entities Describe how to handle other deployment considerations This module includes these topics: Deploying USM Components Deployment Examples Context Correlation and Entities Other Deployment Considerations Page 6 of 9 AlienVault USM Appliance for Security Engineers v5.3.5 Rev A Copyright 2017 AlienVault. All rights reserved.

Module 14: Updating USM Appliance This module describes updating a USM Appliance system. The module describes how to update the system software and threat intelligence feeds, and how to perform offline updates. Upon completing this module, you will meet these objectives: Understand the USM Appliance Update Process Know how to update the threat intelligence, plugins, and reports Know how to update USM Appliance offline This module includes these topics: USM Appliance Update Process Upgrading USM Appliance and the Threat Feed Offline Updates for USM Appliance Module 15: Reporting This module describes USM Appliance reporting. The module describes how to generate, view, and schedule reports, and how to customize existing reports or generate custom ones. Upon completing this module, you will meet these objectives: Describe the USM Appliance reporting system Run, schedule, and view a report Create custom reports Create custom layouts for your reports Create custom modules from security events and logs USM Appliance Reporting Running Reports Creating Custom Reports Creating Custom Layouts Creating Custom Modules Lab 15-1: Run, Schedule, and Customize a Report Module 16: Custom Plugins This module describes how to customize security intelligence in USM Appliance systems. The module describes the plugins delivered by AlienVault and then how to customize or create custom data source plugins. The module describes how to customize or create new correlation directives. Upon completing this module, you will meet these objectives: Understand how to create custom plugins for USM Appliance Describe the configuration files for plugins Understand the role regular expressions play in plugins Copyright 2017 AlienVault. All rights reserved. Course Outline Page 7 of 9

Understand the plugin SQL files Enable a new plugin AlienVault Plugins Customizing Plugins Plugin Configuration Files Regular Expressions SQL Files Enabling New Plugins Lab 16-1: Creating a Custom Data Source Plugin Page 8 of 9 AlienVault USM Appliance for Security Engineers v5.3.5 Rev A Copyright 2017 AlienVault. All rights reserved.

Addendum for USM Appliance 5.4 Module 18: USM Appliance 5.4 This module reviews some of the new features in USM Appliance 5.4, including Plugin Builder overview NetFlow Events Threat Intelligence Subscription Auto Updates Hyper-V Support Exports of reports in Excel format New settings for minimum free disk space for event backup Module 19: Plugin Builder This module goes into detail on the new plugin builder Copyright 2017 AlienVault. All rights reserved. Course Outline Page 9 of 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback