• Cisco Training Courses

    Insoft has been serving IT community with official Cisco training offering since 2010. Find all the relevant information on Cisco training on this page.

    View More

    Cisco Certifications

    Experience a blended learning approach that combines the best of instructor-led training and self-paced e-learning to help you prepare for your certification exam.

    View More

    Cisco Learning Credits

    Cisco Learning Credits (CLCs) are prepaid training vouchers redeemed directly with Cisco that make planning for your success easier when purchasing Cisco products and services.

    Have CLCs and want to redeem them?

    Cisco Continuing Education

    The Cisco Continuing Education Program offers all active certification holders flexible options to recertify by completing a variety of eligible training items.

    View More

    Cisco Digital Learning

    Certified employees are VALUED assets. Explore Cisco official Digital Learning Library to educate yourself through recorded sessions.

    Browse CDLL Catalogue

    Cisco Business Enablement

    The Cisco Business Enablement Partner Program focuses on sharpening the business skills of Cisco Channel Partners and customers.

    View More

    Fortinet Technical Certifications

    The Fortinet Network Security Expert (NSE) program is an eight-level training and certification program to teach engineers of their network security for Fortinet FW skills and experience.

    View More

    Fortinet Technical Courses

    Insoft is recognised as Fortinet Authorized Training Center in selected locations across EMEA.

    View More

    ATC Status

    Check our ATC Status across selected countries in Europe.

    View More

    Fortinet Services Packages

    Insoft Services has developed a specific solution to streamline and simplify the process of installing or migrating to Fortinet Products.

    Browse Packages

    Prepforce Bootcamp

    The only comprehensive source available today to prepare for Fortinet NSE 8 certification globally.

    View More

    Microsoft Training

    Insoft Services provides Microsoft training in EMEAR. We offer Microsoft technical training and certification courses that are led by world-class instructors.

    View More

    Technical Training

    The evolution of Extreme Networks Technical Training provides a comprehensive progressive pathway from Associate to Professional accreditation.

    View More

    ATP Accreditation

    As an authorised training partner (ATP), Insoft Services ensures that you receive the highest standards of education available.

    View More

    What we do

    Through our global presence and partner ecosystem, we provide strategic IT consulting services to align IT services with customers´ business goals

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

     

    View More

     

    Our Mission: Provide an expert set of modern & leading edge Network Automation skills to the market through professional services.

     

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

     

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

     

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

     

    View More

     

    We provide comprehensive IoT consultancy, deployment and support solutions for businesses that want to launch or improve their use of connected technologies. You’ll have the expert guidance you need to streamline operations, increase efficiency and maximize outcomes.

    View More

     

    We help organisations to deploy Software-Defined Networking (SDN) solutions, such as Cisco DNA. Besides, our team has extensive experience in integrating Cisco DNA Center with third-party systems

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure

     

    View More

     

    The Insoft experts’ team can help enterprises get the most value from Extreme products and services following our predefined value-added packages or custom ones that fit business needs

     

    View More

    About Us

    Our training portfolio includes a wide range of IT training from IP providers, including Cisco, Extreme Networks, Fortinet, Microsoft, to name a few, in EMEA.

    View More

    ESM 101 – Enterprise Security Manager SIEM Administration

    X

    Contact Us

    We would love to hear from you. Please complete this form to pre-book or request further information about our delivery options.

    Subscribe

    I'd like to receive emails with the latest updates and promotions from Insoft.

    Data Protection & Privacy

    I hereby allow Insoft Ltd. to contact me on this topic. Further, I authorise Insoft Ltd. processing, using collecting and storing my personal data for the purpose of these activities. All your data will be protected and secured as outlined in our privacy policy.


    ESM 101 – Enterprise Security Manager SIEM Administration

    Enroll Now
    ESM 101 – Enterprise Security Manager SIEM Administration
    Duration
    4 Days
    Delivery
    (Online and onsite)
    Price
    Price Upon Request
    Enterprise Security Manager—the heart of our security information and event management (SIEM) solution—provides near real-time visibility into the activity on all your systems, networks, databases, and applications. This enables you to detect, correlate, and remedy threats in minutes across your entire IT infrastructure. This course prepares Enterprise Security Manager engineers and analysts to understand, communicate, and use the features provided by Enterprise Security Manager. Through hands-on lab exercises, you will learn how to optimize the Enterprise Security Manager by using recommended best practices and methodologies.

    Enterprise Security Manager Overview

    Define Enterprise Security Manager and SIEM concepts, identify appliances and their features, and describe the Enterprise Security Manager solution component architecture.

    Devices

    Configure and customize receiver data sources and data source profiles.

    Enterprise Log Manager and Enterprise Log Search

    Configure Enterprise Log Manager settings and mirror Enterprise Log Manager data storage.

    Enterprise Security Manager Views

    Effectively navigate the Enterprise Security Manager dashboard and create custom Enterprise Security Manager data views.

    Data Sources

    Locate events and manage cases using a variety of data sources, assets, and enriched data

    Aggregation

    Customize event and flow aggregation fields on a per- signature basis, and define the advantages and nuances associated with event and flow aggregation.

    Policy Editor

    Create, modify, and delete Enterprise Security Manager policies within the policy editor.

    Query Filters

    Apply filters in views, create filter sets, use string normalization, and understand the basic syntax of regular expressions.

    Correlation

    Configure and deploy custom correlation rules within the correlation editor.

    Watch Lists and Alarms

    Create and configure watch lists and alarms.

    Reports

    Create and configure reports.

    System Management

    Perform routine maintenance on Enterprise Security Manager, including updates and clearing policy modifications and rule updates.

    Troubleshooting

    Perform troubleshooting steps associated with login issues, operating systems and browser-specific issues, hardware issues, and Enterprise Security Manager dashboard issues.

    Use Case Design

    Understand how the Enterprise Security Manager interface dashboards and views are used to identify specific events and incidents.

    Day 1

    • Course Introduction
    • Architecture Overview
    • Devices and Settings
    • ESM Interface and Views

    Day 2

    • Data Sources
    • Working with the ELM and ELS
    • Event Analysis
    • Aggregation

    Day 3

    • Watchlists and Policy Editor
    • Query Filters
    • Rule Correlation
    • Alarms

    Day 4

    • Workflow and Analysis
    • Reports
    • System Maintenance and Troubleshooting
    • Intro to Use Case Design

    This course is aimed at Enterprise Security Manager users, responsible for monitoring activity on systems, networks, databases, applications, and for configuration and management of the Enterprise Security Manager solution. Attendees should have a working knowledge of networking and system administration concepts, a good understanding of computer security concepts, and a general understanding of networking and application software.

    It is recommended that students have a working knowledge of networking and system administration concepts.

    Overview

    Enterprise Security Manager—the heart of our security information and event management (SIEM) solution—provides near real-time visibility into the activity on all your systems, networks, databases, and applications. This enables you to detect, correlate, and remedy threats in minutes across your entire IT infrastructure. This course prepares Enterprise Security Manager engineers and analysts to understand, communicate, and use the features provided by Enterprise Security Manager. Through hands-on lab exercises, you will learn how to optimize the Enterprise Security Manager by using recommended best practices and methodologies.

    Enterprise Security Manager Overview

    Define Enterprise Security Manager and SIEM concepts, identify appliances and their features, and describe the Enterprise Security Manager solution component architecture.

    Devices

    Configure and customize receiver data sources and data source profiles.

    Enterprise Log Manager and Enterprise Log Search

    Configure Enterprise Log Manager settings and mirror Enterprise Log Manager data storage.

    Enterprise Security Manager Views

    Effectively navigate the Enterprise Security Manager dashboard and create custom Enterprise Security Manager data views.

    Data Sources

    Locate events and manage cases using a variety of data sources, assets, and enriched data

    Aggregation

    Customize event and flow aggregation fields on a per- signature basis, and define the advantages and nuances associated with event and flow aggregation.

    Policy Editor

    Create, modify, and delete Enterprise Security Manager policies within the policy editor.

    Query Filters

    Apply filters in views, create filter sets, use string normalization, and understand the basic syntax of regular expressions.

    Correlation

    Configure and deploy custom correlation rules within the correlation editor.

    Watch Lists and Alarms

    Create and configure watch lists and alarms.

    Reports

    Create and configure reports.

    System Management

    Perform routine maintenance on Enterprise Security Manager, including updates and clearing policy modifications and rule updates.

    Troubleshooting

    Perform troubleshooting steps associated with login issues, operating systems and browser-specific issues, hardware issues, and Enterprise Security Manager dashboard issues.

    Use Case Design

    Understand how the Enterprise Security Manager interface dashboards and views are used to identify specific events and incidents.

    Day 1

    • Course Introduction
    • Architecture Overview
    • Devices and Settings
    • ESM Interface and Views

    Day 2

    • Data Sources
    • Working with the ELM and ELS
    • Event Analysis
    • Aggregation

    Day 3

    • Watchlists and Policy Editor
    • Query Filters
    • Rule Correlation
    • Alarms

    Day 4

    • Workflow and Analysis
    • Reports
    • System Maintenance and Troubleshooting
    • Intro to Use Case Design

    This course is aimed at Enterprise Security Manager users, responsible for monitoring activity on systems, networks, databases, applications, and for configuration and management of the Enterprise Security Manager solution. Attendees should have a working knowledge of networking and system administration concepts, a good understanding of computer security concepts, and a general understanding of networking and application software.

    It is recommended that students have a working knowledge of networking and system administration concepts.

      Upcoming Dates
    • ` Apr 3 - Apr 6, 2023
    • ` May 1 - May 4, 2023
    • ` May 29 - Jun 1, 2023
    • ` Jun 26 - Jun 29, 2023
    • ` Jul 24 - Jul 27, 2023
    • ` Aug 21 - Aug 24, 2023
    Filter

    Follow Up Courses

    Filter