ECE Security Information and Event Management (SIEM) BootCamp: SIEM & Advanced SIEM
Course Content
• Architecture – Enterasys Security Information and Event Management (SIEM)
• Device Configuration and Deployment
• Overview of flow aggregation capabilities
• Network Behavioral Anomaly Detection (NBAD)
• Overview of log aggregation capabilities
• Integration with Enterasys Intrusion Prevention System (IPS)
• Rules
• Sentries
• Reporting
• Creation of Custom Application Profiles
• Use of the Adaptive Log Exporter agent on Windows servers
• Custom creation of Universal Device Support Modules (DSMs)
• Creation of XML files, event parsing with Regular Expressions, and normalization of events into the existing event categories
• Overview of the Right-click API capabilities
• Integration to provide one-click access to Netsight Automated Security Manager (ASM) remediation
• Vulnerability Assessment Scanner (currently utilizing NESSUS) integration with Enterasys SIEM
• Custom Sentry creation
• Custom event correlation rules
• Best practices and methodology for Enterasys SIEM system tuning
Each participant receives the original English-language course materials from Enterasys.
Target Audience
Network & Security Managers, Architects and System Integrators
Prerequisites
Due to the intensity of this accelerated course, Enterasys recommends that students have previous hands-on experience with security appliances as well as a solid understanding of network security concepts.
Alternatives
If you would prefer to have the topics of this highly time-compressed course covered in detail, you should instead attend the two courses ECS Security Information and Event Management (SIEM) and ECS Advanced SIEM.



