AlienVault USM for Security Engineers, V1.0
Copyright 2014 AlienVault. All rights reserved.

Module 1: Overview
This module provides an overview of the AlienVault Unified Security Management (USM) solution.
Upon completing this module, you will meet these objectives:
- Describe the goal of network security.
- Provide an overview of AlienVault USM.
- Describe AlienVault Threat Intelligence.
- Describe AlienVault USM architecture.
This module includes these topics:
- Network Security
- AlienVault USM Overview
- AlienVault Threat Intelligence
- AlienVault USM Architecture

Module 2: AlienVault USM Solution Deployment
This module describes AlienVault Unified Security Management (USM) deployment options and explains how to prepare for the deployment.
Upon completing this module, you will meet these objectives:
- Describe AlienVault deployment types.
- Provide AlienVault deployment examples.
- Describe AlienVault component profiles.
- Describe how to prepare for AlienVault deployment.
- Describe AlienVault deployment best practices.
This module includes these topics:
- Deployment Types
- Deployment Examples
- AlienVault Component Profiles
- Deployment Preparation
- Deployment Best Practices
- Lab 2-1: AlienVault USM Solution Deployment

Module 3: AlienVault USM Basic Configuration
This module describes AlienVault Unified Security Management (USM) installation, basic configuration and verification, and the graphical user interface.
Upon completing this module, you will meet these objectives:
- Deploy and install AlienVault USM.
- Describe the AlienVault USM graphical user interface.
- Initially configure AlienVault USM.
- Verify basic AlienVault USM operations.
This module includes these topics:
- Initial Configuration
- AlienVault USM User Interface
- Basic Configuration
- Lab 3-1: AlienVault USM Basic Configuration
- Verify Basic Operations
- Lab 3-2: Verify AlienVault USM Basic Operations

Module 4: Asset Management
This module describes AlienVault Unified Security Management (USM) asset management.
Upon completing this module, you will meet these objectives:
- Describe AlienVault USM assets.
- Describe asset management.
- Configure asset groups.
- Configure networks and network groups.
- Configure asset discovery.
This module includes these topics:
- Assets
- Asset Management
- Asset Groups
- Networks and Network Groups
- Asset Discovery
- Lab 4-1: Manage AlienVault USM Assets

Module 5: Security Intelligence
This module describes AlienVault Unified Security Management (USM) security intelligence, which uses data source plugins to normalize events from various data sources. It also covers correlation, which detects security threats by tracking behavior patterns across events, and the Open Threat Exchange (OTX), which provides reputation data on offending IP addresses.
Upon completing this module, you will meet these objectives:
- Describe data aggregation and normalization.
- Describe data sources and data source plugins.
- Describe events and risk calculation.
- Describe logical correlation and cross-correlation.
- Provide an overview of OTX.
This module includes these topics:
- Data Aggregation and Detection
- Data Sources
- Events and Risk Calculation
- Correlation
- OTX
- Review

Module 6: Policies and Actions
This module describes AlienVault Unified Security Management (USM) policies, which are used to influence event processing and to filter out unnecessary events and false positives. The module also describes actions that can be configured as policy consequences.
Upon completing this module, you will meet these objectives:
- Describe AlienVault USM policies.
- Describe AlienVault USM actions.
- Configure policies and actions.
This module includes these topics:
- Policies
- Actions
- Configure Policies
- Lab 6-1: Configure Policies and Actions

Module 7: Security Analysis
This module describes security analysis of alarms and events produced by AlienVault Unified Security Management (USM). The module starts with a description of the security analysis process, then reviews dashboards and alarms, and then gives a detailed breakdown of the steps and tools available during security analysis.
Upon completing this module, you will meet these objectives:
- Describe the AlienVault USM security analysis process.
- Evaluate AlienVault USM dashboards.
- Evaluate AlienVault USM alarms.
- Evaluate AlienVault USM OTX data and external resources.
- Use the AlienVault USM ticketing system.
- Evaluate AlienVault USM events.
- Evaluate AlienVault USM assets and vulnerabilities.
- Evaluate AlienVault USM raw logs.
- Use the integrated Tshark packet capture tool.
This module includes these topics:
- Security Analysis Process
- Examine Dashboards
- Examine Alarms
- Examine OTX Data and External Resources
- Tickets
- Examine Events
- Examine Assets and Vulnerabilities
- Examine Raw Logs
- Capture Packets
- Lab 7-1: Perform Security Analysis

Module 8: Reporting
This module describes AlienVault Unified Security Management (USM) reporting. It first describes the reporting system, then how to generate, view, and schedule reports, and how to customize existing reports or create custom ones.
Upon completing this module, you will meet these objectives:
- Describe the AlienVault USM reporting system.
- Run, schedule, and view a report.
- Create custom reports, modules, and layouts.
This module includes these topics:
- Reports
- Running Reports
- Creating Custom Reports
- Lab 8-1: Run, Schedule, and Customize a Report

Module 9: Threat Detection
This module describes AlienVault Unified Security Management (USM) threat detection functionality. It first describes intrusion detection systems (IDS), then the three types of IDS functionality in AlienVault USM: network IDS, host IDS, and wireless IDS. The module also describes the AlienVault USM vulnerability assessment functionality.
Upon completing this module, you will meet these objectives:
- Describe IDS.
- Configure AlienVault USM network IDS.
- Configure AlienVault USM host IDS.
- Configure AlienVault USM wireless IDS.
- Configure and perform AlienVault USM vulnerability assessment.
This module includes these topics:
- IDS System
- Network IDS
- Host IDS
- Wireless IDS
- Vulnerability Assessment
- Lab 9-1: Deploy AlienVault USM Threat Detection Features

Module 10: Behavioral Monitoring
This module describes AlienVault Unified Security Management (USM) behavioral monitoring functionality. It first briefly describes log collection, then AlienVault USM NetFlow collection. The module also explains the AlienVault USM availability monitoring functionality.
Upon completing this module, you will meet these objectives:
- Describe and configure AlienVault USM log collection.
- Describe and configure AlienVault USM NetFlow collection.
- Describe and configure AlienVault USM availability monitoring.
This module includes these topics:
- Log Collection
- NetFlow
- Availability Monitoring
- Lab 10-1: Deploy AlienVault USM Availability Monitoring

Module 11: Customizing Security Intelligence
This module describes how to customize security intelligence in the AlienVault Unified Security Management (USM) system. It first describes how to customize existing data source plugins or create new ones, then how to customize existing correlation directives or create new ones.
Upon completing this module, you will meet these objectives:
- Customize data source plugins.
- Customize correlation directives.
This module includes these topics:
- Customizing Data Source Plugins
- Customizing Correlation Directives
- Lab 11-1: Customize Security Intelligence

Module 12: System Maintenance
This module describes AlienVault Unified Security Management (USM) system maintenance. It first describes how long AlienVault USM stores alarms, events, and logs, and how to modify the retention settings. It then describes how to back up and restore event data and how to perform a full system backup and restore. The module also describes how to update the AlienVault USM system and threat intelligence feed, and how to restore factory defaults.
Upon completing this module, you will meet these objectives:
- Describe AlienVault USM alarm, event, and log retention.
- Describe how to back up and restore event data.
- Describe how to upgrade the AlienVault USM system and threat intelligence feed.
- Describe how to perform an AlienVault USM full system backup and restore.
- Describe how to perform an AlienVault USM factory default restore.
This module includes these topics:
- Events, Alarms, and Logs Retention
- Events Backup and Restore
- Upgrading System and Threat Intelligence Feed
- Full System Backup and Restore
- System Factory Default Restore
- Lab 12-1: Maintain AlienVault USM System

Module 13: Administrative User Management
This module describes AlienVault Unified Security Management (USM) administrative user management. It first describes what administrative users are required for. It then describes how to change the settings of an administrative user, how to manage administrative user accounts, and how to manage global authentication settings. The module also describes administrative user activity accounting and how to recover the admin user account password.
Upon completing this module, you will meet these objectives:
- Describe administrative user management.
- Manage my user profile.
- Manage administrative users.
- Describe administrative user accounting.
- Manage global authentication settings.
- Recover the admin user account password.
This module includes these topics:
- Administrative User Management
- Manage My User Profile
- Manage Administrative Users
- Manage Global Authentication Settings
- Administrative User Accounting
- Recover Admin Password
- Lab 13-1: Manage Administrative Users

Module 14: Complex Deployment
This module describes AlienVault Unified Security Management (USM) complex deployment. It first gives examples of when a distributed deployment is required, then describes how to scale the AlienVault system. The module also describes AlienVault Center, and correlation contexts and entities.
Upon completing this module, you will meet these objectives:
- Describe AlienVault USM deployments.
- Scale an AlienVault USM deployment.
- Describe AlienVault Center.
- Describe correlation contexts and entities.
This module includes these topics:
- AlienVault USM Deployments
- Scaling AlienVault USM System
- AlienVault Center
- Correlation Contexts and Entities
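Modules 5 and 11 of this outline describe the processing chain the course builds up: a data source plugin normalizes a raw log line into an event, the event is scored with a risk value, and a correlation directive tracks a behavior pattern across events and raises an alarm when the pattern completes. The following Python example is added here to make that chain concrete; it is not course material and not AlienVault code. It uses the widely documented OSSIM risk formula, risk = (asset value x priority x reliability) / 25, with asset value and priority on a 0-5 scale and reliability on a 0-10 scale, and the OSSIM defaults of asset value 2 for unknown assets and an alarm threshold of risk >= 1. The plugin regex, the plugin_id and plugin_sid values, the priority and reliability figures, the directive parameters and the sample log lines are all assumptions constructed for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, replace

# Hypothetical data source plugin for OpenSSH "Failed password" lines.
# plugin_id, plugin_sid, priority, reliability and the regex are assumed
# values for this example, not values taken from AlienVault USM.
SSHD_FAILED = {
    "plugin_id": 4003,
    "plugin_sid": 1,
    "priority": 2,       # 0-5: how dangerous this event type is
    "reliability": 1,    # 0-10: one failed login is weak evidence on its own
    "regex": re.compile(
        r"^\w{3} +\d+ (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
        r"Failed password for (?:invalid user )?(?P<user>\S+) "
        r"from (?P<src_ip>\d+\.\d+\.\d+\.\d+) port \d+"
    ),
}

# Asset values (0-5) as asset management would supply them; assumed here.
ASSET_VALUES = {"bastion": 5}
DEFAULT_ASSET_VALUE = 2   # OSSIM default for assets without an explicit value
ALARM_THRESHOLD = 1       # OSSIM raises an alarm once risk >= 1

@dataclass
class Event:
    plugin_id: int
    plugin_sid: int
    ts: int          # seconds since midnight, from the syslog timestamp
    host: str
    src_ip: str
    user: str
    asset_value: int
    priority: int
    reliability: int

def _secs(hhmmss):
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s

def normalize(line, plugin=SSHD_FAILED):
    """Turn one raw log line into a normalized Event, or None when the
    plugin regex does not match (an unmatched line is not an event)."""
    m = plugin["regex"].search(line)
    if not m:
        return None
    return Event(plugin["plugin_id"], plugin["plugin_sid"], _secs(m["time"]),
                 m["host"], m["src_ip"], m["user"],
                 ASSET_VALUES.get(m["host"], DEFAULT_ASSET_VALUE),
                 plugin["priority"], plugin["reliability"])

def risk(ev):
    """OSSIM risk: (asset value * priority * reliability) / 25, truncated
    to an integer, so the result lies in 0-10."""
    return (ev.asset_value * ev.priority * ev.reliability) // 25

class Directive:
    """Minimal correlation directive: `occurrence` matching events from the
    same source within `timeout` seconds yield one correlated event whose
    reliability is raised to `reliability`. All numbers are assumptions."""
    def __init__(self, name, plugin_id, plugin_sid, occurrence, timeout, reliability):
        self.name, self.plugin_id, self.plugin_sid = name, plugin_id, plugin_sid
        self.occurrence, self.timeout, self.reliability = occurrence, timeout, reliability
        self._seen = defaultdict(list)   # src_ip -> timestamps inside the window

    def feed(self, ev):
        if (ev.plugin_id, ev.plugin_sid) != (self.plugin_id, self.plugin_sid):
            return None
        window = self._seen[ev.src_ip]
        window.append(ev.ts)
        window[:] = [t for t in window if ev.ts - t <= self.timeout]  # expire old hits
        if len(window) < self.occurrence:
            return None
        window.clear()   # the next burst has to count from zero again
        return replace(ev, reliability=self.reliability)

def run_pipeline(lines, directive):
    """Normalize, score and correlate each line. Returns (events, alarms),
    where each alarm is (source name, event, risk)."""
    events, alarms = [], []
    for line in lines:
        ev = normalize(line)
        if ev is None:
            continue
        events.append(ev)
        if risk(ev) >= ALARM_THRESHOLD:
            alarms.append(("raw event", ev, risk(ev)))
        correlated = directive.feed(ev)
        if correlated is not None and risk(correlated) >= ALARM_THRESHOLD:
            alarms.append((directive.name, correlated, risk(correlated)))
    return events, alarms

# Constructed sample log (not real data): a burst of failures from one address
# against "bastion", one stray failure from another address, and a non-matching line.
SAMPLE_LOG = [
    "Mar  3 10:15:01 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 51001 ssh2",
    "Mar  3 10:15:02 bastion sshd[2102]: Failed password for root from 203.0.113.7 port 51002 ssh2",
    "Mar  3 10:15:03 bastion sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51003 ssh2",
    "Mar  3 10:15:04 bastion sshd[2104]: Accepted publickey for deploy from 198.51.100.9 port 40000 ssh2",
    "Mar  3 10:15:05 bastion sshd[2105]: Failed password for root from 203.0.113.7 port 51004 ssh2",
    "Mar  3 10:15:09 bastion sshd[2106]: Failed password for alice from 198.51.100.9 port 40001 ssh2",
    "Mar  3 10:15:10 bastion sshd[2107]: Failed password for root from 203.0.113.7 port 51005 ssh2",
]

def demo():
    directive = Directive("SSH brute force", 4003, 1, occurrence=5, timeout=60, reliability=6)
    return run_pipeline(SAMPLE_LOG, directive)

if __name__ == "__main__":
    events, alarms = demo()
    for name, ev, r in alarms:
        print(f"ALARM [{name}] src={ev.src_ip} host={ev.host} reliability={ev.reliability} risk={r}")
```

Each single failed login scores 5 x 2 x 1 / 25 = 0, so none of the six raw events reaches the alarm threshold; only after the directive has seen five failures from 203.0.113.7 inside its 60-second window does it emit a correlated event with reliability 6, which scores 5 x 2 x 6 / 25 = 2 and becomes the one alarm. That is the behavior the course's "events and risk calculation" and "correlation directives" topics describe: a plugin decides what an event means, the asset value decides how much it matters, and the directive decides when repetition turns weak evidence into an alarm.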