ArcSight ESM Administrator and Analyst (ESM200)
In this course we teach our trainees to use the ArcSight console and ArcSight Command Center user interfaces to monitor security events, configure ESM and manage users as well as ESM network intelligence resources.

Effort and duration


Delivery formats


Training is available as a private session onsite.
ILT - Instructor Led
VILT - Virtual Instructor Led
Audience / Job roles

This course is intended for:

This course is intended for ESM System Administrators or Analysts
Course description
In this introductory course learners use the ArcSight console and ArcSight Command Center user interfaces to monitor security events, configure ESM and manage users as well as ESM network intelligence resources. Using ArcSight ESM workflow, participants isolate, document, escalate, and resolve security incidents. The hands-on labs for this course use ESM version 7.0 patch 1
Course Objectives

Upon successful completion of this course, you should be able to:

Make ArcSight ESM operational upon initial installation
Describe how ESM works in the context of your network
Create user accounts
Implement built-in content
Populate ESM with your network and assets to identify endpoints involved in an event
Create site-specific business-oriented views
Investigate, identify, analyze and remediate exposed security issues
Use workflow management to provide real-time incident response and escalation tracking
Modify and run standard reports to provide situational awareness and network status
Establish ESM peering across multiple ESM instances
Perform distributed event search and content management
Prerequisites and Recommended Skills

To be successful in this course, you should have the following prerequisites or knowledge:

Working knowledge of enterprise security, event and log management
  • Accredited Software Professional
  • Certified Software Expert
Course Topics
ESM Overview
  • List typical responsibilities and skill requirements for each ArcSight ESM User Role
  • Describe ESM Components
  • Identify ESM Communication Strategy used between various devices and components in an ESM Network
  • Identify various ESM Resources
Command Center
  • Use the ArcSight Command Center Help Facility
  • Navigate ArcSight Command Center functions
  • Reset your user password
ESM ConsoleInstall, customize and explore the functionality of the ESM console
ConnectorsConnectors gather data from various sources then send the data to ESM in the form of events.
ArcSight MarketplaceThe Marketplace offers standard content packages you can install that address common business and security cases.
Schema, Fieldsets, & Active ChannelsCreate an Active Channel to display event information. Discuss the differences between a Live Channel, Rules Channel, and a Resource Channel.
FiltersCreate a filter to narrow the data you want to monitor in ESM.
Dashboards & Data MonitorsCreate Data Monitors and display them on Dashboards.
Rules & ListsDiscuss the types of rules, create a rule and apply it to a list.
User AdministrationCreate users and grant access to specific resources.
NotificationsCreate a notification system to have various users notified when specified criteria is triggered.
Workflow & CasesDiscuss how people are informed about incidents and track their responses.
Queries & Query ViewersCreate a query viewer to get a quick, high-level summary of activity.
ReportsCreate reports that can be printed or viewed.
Content Management & PeeringContent management gives you the ability to push ESM content in the form of packages from a single ESM Manager to a peer ESM known as subscriber.
Event SearchSearch for specific events using simple to complex search techniques.
Contact us.

Your name

Your e-mail

Your message

Or write here