Enterprise Security Manager Overview
Define Enterprise Security Manager and SIEM concepts, identify appliances and their features, and describe the Enterprise Security Manager solution component architecture.
Configure and customize receiver data sources and data source profiles.
Enterprise Log Manager and Enterprise Log Search
Configure Enterprise Log Manager settings and mirror Enterprise Log Manager data storage.
Enterprise Security Manager Views
Effectively navigate the Enterprise Security Manager dashboard and create custom Enterprise Security Manager data views.
Locate events and manage cases using a variety of data sources, assets, and enriched data.
Customize event and flow aggregation fields on a per-signature basis, and define the advantages and nuances associated with event and flow aggregation.
Create, modify, and delete Enterprise Security Manager policies within the policy editor.
Apply filters in views, create filter sets, use string normalization, and understand the basic syntax of regular expressions.
Configure and deploy custom correlation rules within the correlation editor.
Watch Lists and Alarms
Create and configure watch lists and alarms.
Create and configure reports.
Perform routine maintenance on Enterprise Security Manager, including updates and clearing policy modifications and rule updates.
Perform troubleshooting steps associated with login issues, operating systems and browser-specific issues, hardware issues, and Enterprise Security Manager dashboard issues.
Use Case Design
Understand how the Enterprise Security Manager interface dashboards and views are used to identify specific events and incidents.