This course prepares Trellix SIEM engineers and analysts to understand, communicate, and use the features provided by Trellix Enterprise Security Manager. Through demonstration, explanation, and hands-on lab exercises, you will learn how to utilize the Enterprise Security Manager by using Trellix-recommended best practices and methodologies.
Contact Us
We would love to hear from you. Please complete this form to pre-book or request further information about our delivery options.
Duration
4 Days
4 Days
Delivery
(Online and onsite)
(Online and onsite)
Price
Price Upon Request
Price Upon Request
- Review the ESM solution’s abilities and configuration options
- Define and configure advanced data sources topics such as Asset Manager, Data Enrichment, Auto Learn, SIEM Collector, and Vulnerability Assessment
- Configure custom parsing rules
- Implement best practice recommendations in tuning ESM to enhance performance and events visibility
- Configure Deviation based correlation rules and utilize techniques for both Event and Risk-Based Correlation
- Make tuning recommendations according to your analysis and identify events for immediate action, delayed action, or no action
- Perform actions to maximize the usefulness of Enterprise Security Manager
- Create well-defined use cases and follow a process to implement them
Day 1:
- Welcome
- Contextual Configurations
- Advanced Data Source Options
- Alarms, Actions, Notifications, and Reports
Day 2:
- Data Streaming Bus
- Advanced Syslog Parser
- ESM Tuning and Best Practices
- Performance Troubleshooting
Day 3:
- Advanced Correlation
- Analysts Tasks
- Use Case Overview
- Management Directives Use Cases
Day 4:
- Organizational Policies Use Cases
- Compliance Use Cases
- Current Threats and Vulnerabilities Use Cases
- Incident Identification Use Cases
This course is intended for Enterprise Security Manager users responsible for monitoring activity on systems, networks, databases, applications, and for configuration and management of the Enterprise Security Manager solution.
Students taking this course should have a working knowledge of networking and system administration concepts, a good understanding of computer security concepts, and a general understanding of networking and application software.
This course prepares Trellix SIEM engineers and analysts to understand, communicate, and use the features provided by Trellix Enterprise Security Manager. Through demonstration, explanation, and hands-on lab exercises, you will learn how to utilize the Enterprise Security Manager by using Trellix-recommended best practices and methodologies.
- Review the ESM solution’s abilities and configuration options
- Define and configure advanced data sources topics such as Asset Manager, Data Enrichment, Auto Learn, SIEM Collector, and Vulnerability Assessment
- Configure custom parsing rules
- Implement best practice recommendations in tuning ESM to enhance performance and events visibility
- Configure Deviation based correlation rules and utilize techniques for both Event and Risk-Based Correlation
- Make tuning recommendations according to your analysis and identify events for immediate action, delayed action, or no action
- Perform actions to maximize the usefulness of Enterprise Security Manager
- Create well-defined use cases and follow a process to implement them
Day 1:
- Welcome
- Contextual Configurations
- Advanced Data Source Options
- Alarms, Actions, Notifications, and Reports
Day 2:
- Data Streaming Bus
- Advanced Syslog Parser
- ESM Tuning and Best Practices
- Performance Troubleshooting
Day 3:
- Advanced Correlation
- Analysts Tasks
- Use Case Overview
- Management Directives Use Cases
Day 4:
- Organizational Policies Use Cases
- Compliance Use Cases
- Current Threats and Vulnerabilities Use Cases
- Incident Identification Use Cases
This course is intended for Enterprise Security Manager users responsible for monitoring activity on systems, networks, databases, applications, and for configuration and management of the Enterprise Security Manager solution.
Students taking this course should have a working knowledge of networking and system administration concepts, a good understanding of computer security concepts, and a general understanding of networking and application software.
- ` Date on Request