Cisco Training Courses

Insoft has been serving IT community with official Cisco training offering since 2010. Find all the relevant information on Cisco training on this page.

View More

Cisco Certifications

Experience a blended learning approach that combines the best of instructor-led training and self-paced e-learning to help you prepare for your certification exam.

View More

Cisco Learning Credits

Cisco Learning Credits (CLCs) are prepaid training vouchers redeemed directly with Cisco that make planning for your success easier when purchasing Cisco products and services.

Have CLCs and want to redeem them?

Cisco Continuing Education

The Cisco Continuing Education Program offers all active certification holders flexible options to recertify by completing a variety of eligible training items.

View More

Cisco Digital Learning

Certified employees are VALUED assets. Explore Cisco official Digital Learning Library to educate yourself through recorded sessions.

Browse CDLL Catalogue

Cisco Business Enablement

The Cisco Business Enablement Partner Program focuses on sharpening the business skills of Cisco Channel Partners and customers.

View More

Fortinet Technical Certifications

The Fortinet Network Security Expert (NSE) program is an eight-level training and certification program to teach engineers of their network security for Fortinet FW skills and experience.

View More

Fortinet Technical Courses

Insoft is recognised as Fortinet Authorized Training Center in selected locations across EMEA.

View More

ATC Status

Check our ATC Status across selected countries in Europe.

View More

Fortinet Services Packages

Insoft Services has developed a specific solution to streamline and simplify the process of installing or migrating to Fortinet Products.

Browse Packages

Prepforce Bootcamp

The only comprehensive source available today to prepare for Fortinet NSE 8 certification globally.

View More

Microsoft Training

Insoft Services provides Microsoft training in EMEAR. We offer Microsoft technical training and certification courses that are led by world-class instructors.

View More

Technical Training

The evolution of Extreme Networks Technical Training provides a comprehensive progressive pathway from Associate to Professional accreditation.

View More

ATP Accreditation

As an authorised training partner (ATP), Insoft Services ensures that you receive the highest standards of education available.

View More

What we do

Through our global presence and partner ecosystem, we provide strategic IT consulting services to align IT services with customers´ business goals

View More

 

In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

 

View More

 

Our Mission: Provide an expert set of modern & leading edge Network Automation skills to the market through professional services.

 

View More

 

In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

 

View More

 

In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

View More

 

In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

 

View More

 

In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

 

View More

 

We provide comprehensive IoT consultancy, deployment and support solutions for businesses that want to launch or improve their use of connected technologies. You’ll have the expert guidance you need to streamline operations, increase efficiency and maximize outcomes.

View More

 

We help organisations to deploy Software-Defined Networking (SDN) solutions, such as Cisco DNA. Besides, our team has extensive experience in integrating Cisco DNA Center with third-party systems

View More

 

In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure

 

View More

 

The Insoft experts’ team can help enterprises get the most value from Extreme products and services following our predefined value-added packages or custom ones that fit business needs

 

View More

About Us

Our training portfolio includes a wide range of IT training from IP providers, including Cisco, Extreme Networks, Fortinet, Microsoft, to name a few, in EMEA.

View More

ESM 101 – Enterprise Security Manager SIEM Administration

X

Contact Us

We would love to hear from you. Please complete this form to pre-book or request further information about our delivery options.

Subscribe

I'd like to receive emails with the latest updates and promotions from Insoft.

Data Protection & Privacy

I hereby allow Insoft Ltd. to contact me on this topic. Further, I authorise Insoft Ltd. processing, using collecting and storing my personal data for the purpose of these activities. All your data will be protected and secured as outlined in our privacy policy.


ESM 101 – Enterprise Security Manager SIEM Administration

Enroll Now
ESM 101 – Enterprise Security Manager SIEM Administration
Duration
4 Days
Delivery
(Online and onsite)
Price
Price Upon Request
Enterprise Security Manager—the heart of our security information and event management (SIEM) solution—provides near real-time visibility into the activity on all your systems, networks, databases, and applications. This enables you to detect, correlate, and remedy threats in minutes across your entire IT infrastructure. This course prepares Enterprise Security Manager engineers and analysts to understand, communicate, and use the features provided by Enterprise Security Manager. Through hands-on lab exercises, you will learn how to optimize the Enterprise Security Manager by using recommended best practices and methodologies.

Enterprise Security Manager Overview

Define Enterprise Security Manager and SIEM concepts, identify appliances and their features, and describe the Enterprise Security Manager solution component architecture.

Devices

Configure and customize receiver data sources and data source profiles.

Enterprise Log Manager and Enterprise Log Search

Configure Enterprise Log Manager settings and mirror Enterprise Log Manager data storage.

Enterprise Security Manager Views

Effectively navigate the Enterprise Security Manager dashboard and create custom Enterprise Security Manager data views.

Data Sources

Locate events and manage cases using a variety of data sources, assets, and enriched data

Aggregation

Customize event and flow aggregation fields on a per- signature basis, and define the advantages and nuances associated with event and flow aggregation.

Policy Editor

Create, modify, and delete Enterprise Security Manager policies within the policy editor.

Query Filters

Apply filters in views, create filter sets, use string normalization, and understand the basic syntax of regular expressions.

Correlation

Configure and deploy custom correlation rules within the correlation editor.

Watch Lists and Alarms

Create and configure watch lists and alarms.

Reports

Create and configure reports.

System Management

Perform routine maintenance on Enterprise Security Manager, including updates and clearing policy modifications and rule updates.

Troubleshooting

Perform troubleshooting steps associated with login issues, operating systems and browser-specific issues, hardware issues, and Enterprise Security Manager dashboard issues.

Use Case Design

Understand how the Enterprise Security Manager interface dashboards and views are used to identify specific events and incidents.

Day 1

  • Course Introduction
  • Architecture Overview
  • Devices and Settings
  • ESM Interface and Views

Day 2

  • Data Sources
  • Working with the ELM and ELS
  • Event Analysis
  • Aggregation

Day 3

  • Watchlists and Policy Editor
  • Query Filters
  • Rule Correlation
  • Alarms

Day 4

  • Workflow and Analysis
  • Reports
  • System Maintenance and Troubleshooting
  • Intro to Use Case Design

This course is aimed at Enterprise Security Manager users, responsible for monitoring activity on systems, networks, databases, applications, and for configuration and management of the Enterprise Security Manager solution. Attendees should have a working knowledge of networking and system administration concepts, a good understanding of computer security concepts, and a general understanding of networking and application software.

It is recommended that students have a working knowledge of networking and system administration concepts.

Enterprise Security Manager—the heart of our security information and event management (SIEM) solution—provides near real-time visibility into the activity on all your systems, networks, databases, and applications. This enables you to detect, correlate, and remedy threats in minutes across your entire IT infrastructure. This course prepares Enterprise Security Manager engineers and analysts to understand, communicate, and use the features provided by Enterprise Security Manager. Through hands-on lab exercises, you will learn how to optimize the Enterprise Security Manager by using recommended best practices and methodologies.

Enterprise Security Manager Overview

Define Enterprise Security Manager and SIEM concepts, identify appliances and their features, and describe the Enterprise Security Manager solution component architecture.

Devices

Configure and customize receiver data sources and data source profiles.

Enterprise Log Manager and Enterprise Log Search

Configure Enterprise Log Manager settings and mirror Enterprise Log Manager data storage.

Enterprise Security Manager Views

Effectively navigate the Enterprise Security Manager dashboard and create custom Enterprise Security Manager data views.

Data Sources

Locate events and manage cases using a variety of data sources, assets, and enriched data

Aggregation

Customize event and flow aggregation fields on a per- signature basis, and define the advantages and nuances associated with event and flow aggregation.

Policy Editor

Create, modify, and delete Enterprise Security Manager policies within the policy editor.

Query Filters

Apply filters in views, create filter sets, use string normalization, and understand the basic syntax of regular expressions.

Correlation

Configure and deploy custom correlation rules within the correlation editor.

Watch Lists and Alarms

Create and configure watch lists and alarms.

Reports

Create and configure reports.

System Management

Perform routine maintenance on Enterprise Security Manager, including updates and clearing policy modifications and rule updates.

Troubleshooting

Perform troubleshooting steps associated with login issues, operating systems and browser-specific issues, hardware issues, and Enterprise Security Manager dashboard issues.

Use Case Design

Understand how the Enterprise Security Manager interface dashboards and views are used to identify specific events and incidents.

Day 1

  • Course Introduction
  • Architecture Overview
  • Devices and Settings
  • ESM Interface and Views

Day 2

  • Data Sources
  • Working with the ELM and ELS
  • Event Analysis
  • Aggregation

Day 3

  • Watchlists and Policy Editor
  • Query Filters
  • Rule Correlation
  • Alarms

Day 4

  • Workflow and Analysis
  • Reports
  • System Maintenance and Troubleshooting
  • Intro to Use Case Design

This course is aimed at Enterprise Security Manager users, responsible for monitoring activity on systems, networks, databases, applications, and for configuration and management of the Enterprise Security Manager solution. Attendees should have a working knowledge of networking and system administration concepts, a good understanding of computer security concepts, and a general understanding of networking and application software.

It is recommended that students have a working knowledge of networking and system administration concepts.

    Upcoming Dates
  • ` Apr 3 - Apr 6, 2023
  • ` May 1 - May 4, 2023
  • ` May 29 - Jun 1, 2023
  • ` Jun 26 - Jun 29, 2023
  • ` Jul 24 - Jul 27, 2023
  • ` Aug 21 - Aug 24, 2023