AlienVault USM for Security Engineers, V1.0
Copyright 2014 AlienVault. All rights reserved.

Module 1: Overview

This module provides an overview of the AlienVault Unified Security Management (USM) solution.

Upon completing this module, you will meet these objectives:
Describe the goal of network security.
Provide an overview of AlienVault USM.
Describe AlienVault Threat Intelligence.
Describe AlienVault USM architecture.

This module includes these topics:
Network Security
AlienVault USM Overview
AlienVault Threat Intelligence
AlienVault USM Architecture

Module 2: AlienVault USM Solution Deployment

This module describes AlienVault Unified Security Management (USM) deployment options and explains how to prepare for the deployment.

Upon completing this module, you will meet these objectives:
Describe AlienVault deployment types.
Provide AlienVault deployment examples.
Describe AlienVault component profiles.
Describe how to prepare for AlienVault deployment.
Describe AlienVault deployment best practices.

This module includes these topics:
Deployment Types
Deployment Examples
AlienVault Component Profiles
Deployment Preparation
Deployment Best Practices
Lab 2-1: AlienVault USM Solution Deployment

Module 3: AlienVault USM Basic Configuration

This module describes AlienVault Unified Security Management (USM) installation, basic configuration and verification, and the graphical user interface.

Upon completing this module, you will meet these objectives:
Deploy and install AlienVault USM.
Describe the AlienVault USM graphical user interface.
Initially configure AlienVault USM.
Verify basic AlienVault USM operations.

This module includes these topics:

Initial Configuration
AlienVault USM User Interface
Basic Configuration
Lab 3-1: AlienVault USM Basic Configuration
Verify Basic Operations
Lab 3-2: Verify AlienVault USM Basic Operations

Module 4: Asset Management

This module describes AlienVault Unified Security Management (USM) asset management.

Upon completing this module, you will meet these objectives:
Describe AlienVault USM assets.
Describe asset management.
Configure asset groups.
Configure networks and network groups.
Configure asset discovery.

This module includes these topics:
Assets
Asset Management
Asset Groups
Networks and Network Groups
Asset Discovery
Lab 4-1: Manage AlienVault USM Assets

Module 5: Security Intelligence

This module describes AlienVault Unified Security Management (USM) security intelligence, which uses data source plugins to normalize events from various data sources. It also covers correlation, which detects security threats by tracking behavior patterns, and Open Threat Exchange (OTX), which provides reputation data on offending IP addresses.

Upon completing this module, you will meet these objectives:
Describe data aggregation and normalization.
Describe data sources and data source plugins.
Describe events and risk calculation.
Describe logical correlation and cross-correlation.
Provide an overview of OTX.

This module includes these topics:
Data Aggregation and Detection
Data Sources
Events and Risk Calculation

Correlation
OTX
Review

Module 6: Policies and Actions

This module describes AlienVault Unified Security Management (USM) policies, which are used to influence event processing and to filter out unnecessary events and false positives. The module also describes actions that can be configured as policy consequences.

Upon completing this module, you will meet these objectives:
Describe AlienVault USM policies.
Describe AlienVault USM actions.
Configure policies and actions.

This module includes these topics:
Policies
Actions
Configure Policies
Lab 6-1: Configure Policies and Actions

Module 7: Security Analysis

This module describes security analysis of alarms and events produced by AlienVault Unified Security Management (USM). The module starts with a description of the security analysis process, then reviews dashboards and alarms, and then gives a detailed breakdown of the steps and tools available during security analysis.

Upon completing this module, you will meet these objectives:
Describe the AlienVault USM security analysis process.
Evaluate AlienVault USM dashboards.
Evaluate AlienVault USM alarms.
Evaluate AlienVault USM OTX data and external resources.
Use the AlienVault USM ticketing system.
Evaluate AlienVault USM events.
Evaluate AlienVault USM assets and vulnerabilities.
Evaluate AlienVault USM raw logs.
Use the integrated Tshark packet capture tool.

This module includes these topics:
Security Analysis Process
Examine Dashboards
Examine Alarms
Examine OTX Data and External Resources
Tickets

Examine Events
Examine Assets and Vulnerabilities
Examine Raw Logs
Capture Packets
Lab 7-1: Perform Security Analysis

Module 8: Reporting

This module describes AlienVault Unified Security Management (USM) reporting. The module first describes the reporting system, then how to generate, view, and schedule reports, and how to customize existing reports or create custom ones.

Upon completing this module, you will meet these objectives:
Describe the AlienVault USM reporting system.
Run, schedule, and view a report.
Create custom reports, modules, and layouts.

This module includes these topics:
Reports
Running Reports
Creating Custom Reports
Lab 8-1: Run, Schedule, and Customize a Report

Module 9: Threat Detection

This module describes AlienVault Unified Security Management (USM) threat detection functionality. The module first describes intrusion detection systems (IDS), then the three types of AlienVault USM IDS functionality: network IDS, host IDS, and wireless IDS. The module also describes the AlienVault USM vulnerability assessment functionality.

Upon completing this module, you will meet these objectives:
Describe the IDS system.
Configure AlienVault USM network IDS.
Configure AlienVault USM host IDS.
Configure AlienVault USM wireless IDS.
Configure and perform AlienVault USM vulnerability assessment.

This module includes these topics:
IDS System
Network IDS
Host IDS
Wireless IDS
Vulnerability Assessment
Lab 9-1: Deploy AlienVault USM Threat Detection Features

Module 10: Behavioral Monitoring

This module describes AlienVault Unified Security Management (USM) behavioral monitoring functionality. The module first briefly describes log collection, then AlienVault USM NetFlow collection. The module also explains the AlienVault USM availability monitoring functionality.

Upon completing this module, you will meet these objectives:
Describe and configure AlienVault USM log collection.
Describe and configure AlienVault USM NetFlow collection.
Describe and configure AlienVault USM availability monitoring.

This module includes these topics:
Log Collection
NetFlow
Availability Monitoring
Lab 10-1: Deploy AlienVault USM Availability Monitoring

Module 11: Customizing Security Intelligence

This module describes how to customize security intelligence in the AlienVault Unified Security Management (USM) system. The module first describes how to customize existing data source plugins or create new ones, then how to customize existing correlation directives or create new ones.

Upon completing this module, you will meet these objectives:
Customize data source plugins.
Customize correlation directives.

This module includes these topics:
Customizing Data Source Plugins
Customizing Correlation Directives
Lab 11-1: Customize Security Intelligence

Module 12: System Maintenance

This module describes AlienVault Unified Security Management (USM) system maintenance. The module first describes how long AlienVault USM stores alarms, events, and logs, and how you can modify the retention settings. Then the module describes how to perform events backup and restore and full system backup and restore. The module also describes how to update the AlienVault USM system and threat intelligence feed, and how to perform a factory default restore.

Upon completing this module, you will meet these objectives:
Describe AlienVault USM alarms, events, and logs retention.
Describe how to perform backup and restore of events data.
Describe how to upgrade the AlienVault USM system and threat intelligence feed.
Describe how to perform AlienVault USM full system backup and restore.
Describe how to perform AlienVault USM factory default restore.

This module includes these topics:

Events, Alarms, and Logs Retention
Events Backup and Restore
Upgrading System and Threat Intelligence Feed
Full System Backup and Restore
System Factory Default Restore
Lab 12-1: Maintain AlienVault USM System

Module 13: Administrative User Management

This module describes AlienVault Unified Security Management (USM) administrative user management. The module first describes what administrative users are required for. Then the module describes how to change the settings of an administrative user, how to manage administrative user accounts, and how to manage global authentication settings. The module also describes administrative user activity accounting and how to recover the admin user account password.

Upon completing this module, you will meet these objectives:
Describe administrative user management.
Manage my user profile.
Manage administrative users.
Describe administrative user accounting.
Manage global authentication settings.
Recover the admin user account password.

This module includes these topics:
Administrative User Management
Manage My User Profile
Manage Administrative Users
Manage Global Authentication Settings
Administrative User Accounting
Recover Admin Password
Lab 13-1: Manage Administrative Users

Module 14: Complex Deployment

This module describes AlienVault Unified Security Management (USM) complex deployment. The module first provides examples of when a distributed deployment is required, then describes how to scale the AlienVault system. The module also describes AlienVault Center, and correlation contexts and entities.

Upon completing this module, you will meet these objectives:
Describe AlienVault USM deployments.
Scale AlienVault USM deployment.
Describe AlienVault Center.
Describe correlation contexts and entities.

This module includes these topics:

AlienVault USM Deployments
Scaling AlienVault USM System
AlienVault Center
Correlation Contexts and Entities
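The event pipeline that Module 5 describes and Module 11 customizes, as an added worked example rather than AlienVault code or course material: plugin-style regex rules normalize raw log lines into events, each event is scored with USM's documented risk formula (asset value x priority x reliability, divided by 25), a reputation set stands in for OTX data, and one correlation directive raises an alarm when a behavior pattern appears. The sample log lines and the reputation set are constructed. The plugin_id, plugin_sid, priority and reliability values, the asset value, the default of 2 for unknown assets, and the step that raises reliability on a reputation hit are all assumptions made for this example, not values from the shipped plugins or the product's own logic.

```python
"""Added illustration of the USM event pipeline: plugin-style normalization,
risk calculation, an OTX-like reputation lookup, and one correlation
directive. Not AlienVault code; all rule values are assumptions."""
import re
from collections import defaultdict

# Constructed sample syslog lines (not captured from a real system).
RAW_LOGS = [
    "Mar 10 10:00:01 web01 sshd[1201]: Failed password for root from 203.0.113.9 port 51022 ssh2",
    "Mar 10 10:00:03 web01 sshd[1201]: Failed password for root from 203.0.113.9 port 51023 ssh2",
    "Mar 10 10:00:05 web01 sshd[1201]: Failed password for admin from 203.0.113.9 port 51024 ssh2",
    "Mar 10 10:00:07 web01 sshd[1201]: Accepted password for admin from 203.0.113.9 port 51025 ssh2",
    "Mar 10 10:01:00 web01 sshd[1202]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2",
    "Mar 10 10:01:30 web01 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Syslog header shared by every line: timestamp and sensor (host) name.
HEADER = re.compile(r"(?P<date>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<sensor>\S+) ")

# Plugin-style rules in the spirit of a USM data source plugin: one regex per
# event type plus the fields to extract. Ids, priorities and reliabilities are
# assumptions for this example, not the shipped plugin's values.
PLUGIN_SSHD = {
    "plugin_id": 4003,
    "rules": [
        {"plugin_sid": 1, "name": "sshd: failed password", "priority": 2, "reliability": 3,
         "regexp": re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")},
        {"plugin_sid": 7, "name": "sshd: accepted password", "priority": 1, "reliability": 1,
         "regexp": re.compile(r"Accepted password for (?P<user>\S+) from (?P<src>\S+)")},
        {"plugin_sid": 8, "name": "sshd: accepted publickey", "priority": 1, "reliability": 1,
         "regexp": re.compile(r"Accepted publickey for (?P<user>\S+) from (?P<src>\S+)")},
    ],
}

ASSET_VALUE = {"web01": 4}      # asset inventory (Module 4), value 0-5; assumed
OTX_BAD_IPS = {"203.0.113.9"}   # constructed stand-in for OTX reputation data


def risk(asset_value, priority, reliability):
    """USM's documented formula: (asset value * priority * reliability) / 25.
    Asset 0-5, priority 0-5, reliability 0-10, so the maximum risk is 10."""
    return (asset_value * priority * reliability) / 25


def normalize(line, plugin=PLUGIN_SSHD):
    """Apply the plugin rules to one raw line. Returns a normalized event dict,
    or None when no rule matches (USM keeps such lines only as raw logs)."""
    header = HEADER.match(line)
    if not header:
        return None
    for rule in plugin["rules"]:
        hit = rule["regexp"].search(line)
        if hit:
            return {"plugin_id": plugin["plugin_id"], "plugin_sid": rule["plugin_sid"],
                    "name": rule["name"], "date": header["date"], "sensor": header["sensor"],
                    "src_ip": hit["src"], "username": hit["user"],
                    "priority": rule["priority"], "reliability": rule["reliability"]}
    return None


def score(event):
    """Attach a risk value. In this example a source present in the reputation
    set raises the event's reliability by 3 (capped at 10); that step is an
    assumption standing in for USM's OTX-based reputation correlation."""
    reliability = event["reliability"]
    if event["src_ip"] in OTX_BAD_IPS:
        reliability = min(10, reliability + 3)
    asset = ASSET_VALUE.get(event["sensor"], 2)  # unknown assets default to 2 (assumed)
    return dict(event, reliability=reliability, risk=risk(asset, event["priority"], reliability))


def correlate(events, threshold=3):
    """One correlation directive (Module 11 style): `threshold` or more failed
    passwords from a source, then any accepted login from that same source,
    raises an alarm scored at a higher priority/reliability than any single event."""
    failures = defaultdict(int)
    alarms = []
    for ev in events:
        if ev["plugin_sid"] == 1:
            failures[ev["src_ip"]] += 1
        elif ev["plugin_sid"] in (7, 8) and failures[ev["src_ip"]] >= threshold:
            alarms.append({"directive": "SSH brute force followed by successful login",
                           "src_ip": ev["src_ip"], "username": ev["username"],
                           "failures": failures[ev["src_ip"]],
                           "otx_hit": ev["src_ip"] in OTX_BAD_IPS,
                           "risk": risk(ASSET_VALUE.get(ev["sensor"], 2), 4, 8)})
            failures[ev["src_ip"]] = 0  # reset so one attack yields one alarm
    return alarms


def run(lines=RAW_LOGS):
    """Normalize, score and correlate a batch of raw lines."""
    events = [score(ev) for ev in map(normalize, lines) if ev]
    return events, correlate(events)


if __name__ == "__main__":
    evs, als = run()
    for ev in evs:
        print(f"{ev['date']} {ev['name']:<26} src={ev['src_ip']:<14} user={ev['username']:<7} risk={ev['risk']:.2f}")
    for alarm in als:
        print("ALARM:", alarm)
```

Run on the constructed lines, the cron entry produces no event (no rule matches, so it stays a raw log), the three failures from 203.0.113.9 each score 1.92 because the reputation hit raised their reliability, and the accepted password from that same source triggers the directive with an alarm risk of 5.12. The publickey login from 198.51.100.7 scores 0.16 and raises nothing, which is the point of the directive: the pattern, not any single event, is what makes the successful login interesting.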