Module 2: AlienVault USM Basic Configuration and Verifying Operations

Similar documents
AlienVault USM Appliance for Security Engineers 5 day course outline. Module 2: USM Appliance Basic Configuration and Verifying Operations

Version 5.3 Rev A Student Guide

Integration Guide. AlienVault Unified Security Management (USM)

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

Course: 2553A Administering Microsoft SharePoint Portal Server 2003

Administering a SQL Database Infrastructure (M20764)

NetVault Backup Web-based Training Bundle - 2 Student Pack

Training for the cyber professionals of tomorrow

"Charting the Course... MOC A: Administering System Center Configuration Manager. Course Summary

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

Administering System Center Configuration Manager

NETVAULT BACKUP SYSTEM ADMINISTRATION COMPLETE - INSTRUCTOR LED TRAINING

Administering System Center Configuration Manager

Oracle Hyperion EPM Installation & Configuration ( ) NEW

VMware vsphere with ESX 6 and vcenter 6

Advanced Technologies of SharePoint 2016

Advanced Technologies of SharePoint 2016

Administering VMware vsphere and vcenter 5

McAfee Security Connected Integrating epo and MVM

Provisioning SQL Databases

ALIENVAULT USM FOR AWS SOLUTION GUIDE

Designing a Microsoft SharePoint 2010 Infrastructure

A: Administering System Center Configuration Manager

The following topics describe how to use backup and restore features in the Firepower System:

Course A: Administering System Center Configuration Manager

SIEM (Security Information Event Management)

ADMINISTERING SYSTEM CENTER CONFIGURATION MANAGER

"Charting the Course... MOC B Active Directory Services with Windows Server Course Summary

System Center Course Administering System Center Configuration Manager. Length. Audience. 5 days

CompTIA Cybersecurity Analyst+

CISSP - Certified Information Systems Security Professional

Maintaining a Microsoft SQL Server 2005 Database Course 2780: Three days; Instructor-Led

Microsoft Administering System Center Configuration Manager

Advanced Technologies of SharePoint 2016 ( )

USM Anywhere AlienApps Guide

Active Directory Services with Windows Server

Backup and Restore Introduction

MD-100: Modern Desktop Administrator Part 1

"Charting the Course... Implementing Cisco Telepresence Video Solutions Part 2 (VTVS2) Course Summary

MS : Installation and Deployment in Microsoft Dynamics CRM 2013

Deploying System Center 2012 Configuration Manager Course 10748A; 3 Days

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services (Course 6425A)

2554 : Administering Microsoft Windows SharePoint Services and SharePoint Portal Server 2003

Task Scheduling. Introduction to Task Scheduling. Configuring a Recurring Task

Firepower Management Center High Availability

CompTIA Security+ Study Guide (SY0-501)

SHAREPOINT 2016 ADMINISTRATOR BOOTCAMP 5 DAYS

Microsoft Advanced Technologies of SharePoint 2016

Provisioning SQL Databases

Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010

Tenable for Palo Alto Networks

Planning and Administering SharePoint 2016

Administering System Center Configuration Manager

Oracle Database Cloud for Oracle DBAs Ed 3

Microsoft Exchange Server 2016

"Charting the Course... MOC /2: Planning, Administering & Advanced Technologies of SharePoint Course Summary

Module 1: Understanding and Installing Internet Information Services

Administering System Center Configuration Manager ( A)

Tech Note. ConnectWise PSA Integration

MS-20696: Managing Enterprise Devices and Apps using System Center Configuration Manager

Administering System Center 2012 Configuration Manager

SQL Server Course Administering a SQL 2016 Database Infrastructure. Length. Prerequisites. Audience. Course Outline.

ACTIVE DIRECTORY SERVICES WITH WINDOWS SERVER

SharePoint 2016 Administrator's Survival Camp

: 20696C: Administering System Center Configuration Manager and Intune

Implementing Cisco Network Security (IINS) 3.0

SCCM 2012 Course Details

NE Administering System Center Configuration Manager and Intune

Course 6231A: Maintaining a Microsoft SQL Server 2008 Database

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

Administer System Center Configuration Manager for Desktop Support

Course Outline: Designing, Optimizing, and Maintaining a Database Administrative Solution for Microsoft SQL Server 2008

Microsoft Installation and Deployment in Microsoft Dynamics CRM 2013

Course 6231A: Maintaining a Microsoft SQL Server 2008 Database

Managing Microsoft 365 Identity and Access

IBM Security SiteProtector System User Guide for Security Analysts

Chapter 5: Vulnerability Analysis

"Charting the Course B Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010 Course Summary

Digital Defense Frontline VM 6.0

Citrix NetScaler 10.5 Essentials for ACE Migration (CNS-208)

Ipswitch: The New way of Network Monitoring and how to provide managed services to its customers

EMC Implementation for vsphere Data Protection Practitioner s Guide

Administering System Center Configuration Manager and Intune

At Course Completion: Course Outline: Course 20742: Identity with Windows Server Learning Method: Instructor-led Classroom Learning

"Charting the Course to Your Success!" MOC B Implementing Forefront Identity Manager 2010 Course Summary

Application Notes for Installing and Configuring Avaya Control Manager Enterprise Edition in a High Availability mode.

Administering System Center Configuration Manager ( )

MD-101: Modern Desktop Administrator Part 2

Course Outline. Administering Microsoft SQL Server 2012 Databases (Course & Lab) ( Add-On )

Microsoft Active Directory Services with Windows Server

CNS-205 Citrix NetScaler 10.5 Essentials and Networking

10969: Active Directory Services with Windows Server

NetScaler for Apps and Desktops CNS-222; 5 Days; Instructor-led

Server Virtualization with Windows Server Hyper- V and System Center

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

COURSE 20462C: ADMINISTERING MICROSOFT SQL SERVER DATABASES

IBM Security QRadar SIEM Version Getting Started Guide

Microsoft Exchange Server 2013

10972: ADMINISTERING THE WEB SERVER (IIS) ROLE OF WINDOWS SERVER

Maintaining a Microsoft SQL Server 2008 Database (Course 6231A)

Transcription:

AlienVault USM for Security Engineers 5 day course outline Course Introduction Module 1: Overview The Course Introduction provides students with the course objectives and prerequisite learner skills and knowledge for the AUSM for Security Engineers 5 day course. The Course Introduction presents the course flow diagram and the icons that are used in the course illustrations and figures. This module provides an overview of the AlienVault Unified Security Management (USM ) solution. Upon completing this module, you will meet these objectives: Understand the basic function of AlienVault USM Describe AlienVault USM Architecture Describe AlienVault Labs and the threat intelligence it provides This module includes these topics: AlienVault USM overview USM Architecture AlienVault Labs and OTX Module 2: AlienVault USM Basic Configuration and Verifying Operations This module describes AlienVault Unified Security Management (USM) installation, basic configuration and verification, and graphical user interface. Upon completing this module, you will meet these objectives: Describe the AlienVault USM graphical user interface Understand how to work with the menus and options available on the graphical user interface Verify basic AlienVault USM operations Initial USM Setup AlienVault USM User Interface USM Settings and Support AlienVault USM Primary Menu Environment Snapshot Basic Configuration Verify Basic Operations Lab 2-1: AlienVault USM Basic Configuration Lab 2-2: Verify AlienVault USM Basic Operations

Module 3: Asset Management This module describes AlienVault Unified Security Management (USM) asset management. Upon completing this module, you will meet these objectives: Define AlienVault USM assets Describe how AlienVault uses asset management Add assets to the USM asset database Configure and schedule asset discovery in the USM Configure and manage assets using asset groups, networks, and asset labels Asset Overview Navigating the Assets UI Managing Assets Adding Assets Asset Discovery Scans Asset Groups Networks and Network Groups Asset Labels Lab 3-1: Manage AlienVault USM Assets Module 4: Configuring Data Sources This module describes AlienVault Unified Security Management (USM) security intelligence, which uses data source plugins to normalize events from various data sources. It also includes correlation to detect security threats by tracking behavior patterns. Upon completing this module, you will meet these objectives: Describe data aggregation and normalization Describe data sources and how they work in USM Enable different data sources in USM Understand how events are processed in USM Calculate risk for USM events Correlate events in USM This module includes these topics: Data Aggregation and Detection Data Sources Enabling Data Source Plugins Working with Events Risk Calculation Correlation Page 2 of 7 AlienVault USM for Security Engineers v5.3.4 Rev A Copyright 2017 AlienVault. All rights reserved.

Module 5: Policies and Actions This module describes AlienVault Unified Security Management (USM) policies which are used to influence event processing, and to filter unnecessary events and false positives. The module also describes actions that can be configured as policy consequences. Upon completing this module, you will meet these objectives: Navigate the USM Policies user interface Configure USM actions Configure USM policies for events Configure USM policies for directive events USM Policy UI Overview USM Policies for Events USM Actions USM Policies for Directive Events Policy Example Configurations Lab 5-1: Configure Policies and Actions Module 6: Correlation Directives This module describes how to customize security intelligence in AlienVault Unified Security Management (USM) system. This module describes how to customize or create new correlation directives. Upon completing this module, you will meet these objectives: Understand logical correlation in USM Describe correlation directives Create a custom correlation directive Logical Correlation Correlation Directives Custom Correlation Directives Create Custom Correlation Directive Lab 6-1: Configure a Custom Correlation Directive Module 7: Threat Detection This module describes AlienVault Unified Security Management (USM) threat detection functionalities. The module describes the Intrusion Detection System (IDS) and the AlienVault USM IDS functionalities: network IDS, and host IDS. The module Copyright 2017 AlienVault. All rights reserved. Course Outline Page 3 of 7

also describes the AlienVault USM vulnerability assessment functionality. Upon completing this module, you will meet these objectives: Configure AlienVault USM network IDS Configure AlienVault USM host IDS through the Environment screen Configure AlienVault USM host IDS through the Assets screen Configure and perform AlienVault USM vulnerability assessment Network IDS Host IDS Deploying HIDS Environment Deploying HIDS Assets Vulnerability Assessment Lab 7-1: Deploy AlienVault USM Threat Detection Features Module 8: Behavioral Monitoring This module describes AlienVault Unified Security Management (USM) behavioral monitoring functionalities. The module first (briefly) describes log collection, followed by AlienVault USM NetFlow collection. The module also explains the AlienVault USM availability monitoring functionality. Upon completing this module, you will meet these objectives: Describe and configure AlienVault USM log collection Describe and configure AlienVault USM NetFlow collection Describe and configure AlienVault USM availability monitoring Log Collection NetFlow Availability Monitoring Lab 8-1: Deploy AlienVault USM Availability Monitoring Module 9: OTX This module describes the Open Threat Exchange (OTX). The module describes OTX and pulses, then how to follow and subscribe to other users and their pulses. Finally, students will create their own pulses. Upon completing this module, you will meet these objectives: Describe OTX and its important concepts Setting up an OTX account Search and subscribe to pulses and follow other OTX users Create a pulse for OTX Page 4 of 7 AlienVault USM for Security Engineers v5.3.4 Rev A Copyright 2017 AlienVault. All rights reserved.

Open Threat Exchange Setting up an OTX Account Searching and Subscribing to Pulses Creating a Pulse Lab 9-1: Setting up and using OTX Module 10: Security Analysis This module describes security analysis of alarms and events produced by AlienVault Unified Security Management (USM). The module starts with a description of a security analysis process, reviews Dashboards and Alarms, and then provides a detailed breakdown of the steps and tools available during the process of security analysis. Upon completing this module, you will meet these objectives: Describe the Security Analysis Process Examine the dashboards Remediate the alarms in USM Investigate events in USM Check raw logs for more details Examine packet captures for more details about an event File tickets to manage event investigation Security Analysis Process Overview Dashboards Remediate Alarms Investigate Events Check Raw Logs Examine Packet Captures File Tickets Lab 10-1: Perform Security Analysis Module 11: System Maintenance This module describes AlienVault Unified Security Management (USM) system maintenance. The module first describes how long AlienVault USM stores alarms, events, and logs, and how you can modify retention settings. The module also describes how to perform event and full system backup and restore. Upon completing this module, you will meet these objectives: Describe AlienVault USM alarms, events, and logs retention Describe how to perform backup and restore of events data Copyright 2017 AlienVault. All rights reserved. Course Outline Page 5 of 7

Describe how to perform backup and restore of configuration data Event, Alarm, and Log Retention Event Backup and Restore Configuration Backup Configuration Restore Lab 11-1: Maintain AlienVault USM System Module 12: Administrative User Management This module describes AlienVault Unified Security Management (USM) administrative user management. The module first describes the administrative user account that is the default account to manage the web UI in AlienVault USM. The module continues to describe how to change settings of an administartive user, how to manage administrative user accounts, and how to manage global authentication settings. The module also describes administrative user activity accounting, and how to perform admin user account password recovery. Upon completing this module, you will meet these objectives: Describe administrative user management Manage user profile Manage administrative users Describe administrative user accounting Manage global authentications settings Recover admin user account password Administrative User Management Configuring an Administrative User Manage Global Authentication Settings Administrative User Accounting Recover Admin Password Lab 12-1: Manage Administrative Users Module 13: AlienVault USM Deployment This module describes AlienVault Unified Security Management (USM) deployment options and explains how to prepare for the deployment. Upon completing this module, you will meet these objectives: Understand how to deploy AlienVault USM components Understand various AlienVault USM deployments Understand Correlation Context and Entities Describe how to handle other deployment considerations Page 6 of 7 AlienVault USM for Security Engineers v5.3.4 Rev A Copyright 2017 AlienVault. All rights reserved.

This module includes these topics: Deploying USM Components Deployment Examples Context Correlation and Entities Other Deployment Considerations Module 14: Upgrading AlienVault Unified Security Management (USM) This module describes AlienVault Unified Security Management (USM) system upgrade process. The module describes how to update the AlienVault USM system and threat intelligence feeds, and how to perform offline upgrades. Upon completing this module, you will meet these objectives: Understand the USM Upgrade Process Upgrading USM Upgrading the threat intelligence, plugins, and reports Upgrading the USM appliance offline This module includes these topics: USM Upgrade Process Upgrading the USM and the Threat Feed Offline Updates for the USM Appliance Module 15: Reporting This module describes AlienVault Unified Security Management (USM) reporting. The module first describes how to generate, view, and schedule reports, and how to customize reports or how to generate custom ones. Upon completing this module, you will meet these objectives: Describe the AlienVault USM reporting system Run, schedule, and view a report Create custom reports Create custom layouts for your reports Create custom modules from security events and logs USM Reporting Running Reports Creating Custom Reports Creating Custom Layouts Creating Custom Modules Lab 15-1: Run, Schedule, and Customize a Report Copyright 2017 AlienVault. All rights reserved. Course Outline Page 7 of 7

Module 16: Custom Plugins This module describes how to customize security intelligence in AlienVault Unified Security Management (USM) system. The module first describes the plugins delivered by AlienVault and then how to customize or create custom data source plugins. Then the module describes how to customize or create new correlation directives. Upon completing this module, you will meet these objectives: Understand how to create custom plugins for USM Describe the configuration files for custom plugins Understand the role regular expressions play in customizing plugins Understand the SQL files for custom plugins Enable the new plugin AlienVault Plugins Customizing Plugins Plugin Configuration Files Regular Expressions SQL Files Enabling New Plugins Lab 16-1: Creating a Custom Data Source Plugin Page 8 of 7 AlienVault USM for Security Engineers v5.3.4 Rev A Copyright 2017 AlienVault. All rights reserved.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback