Curso SIEM McAfee

  • Cyber Security

Curso SIEM McAfee

32h
Visão Geral

Este curso proporciona um conhecimento profundo sobre a concepção, configuração, configuração, fluxo de comunicação, e gestão de fontes de dados dos aparelhos SIEM.

Através de uma mistura de laboratórios práticos e palestras interativas, aprenderá como implementar eficazmente os aparelhos num ambiente empresarial complexo.

Objetivo

Após concluir o curso Curso SIEM McAfee, você será capaz de aprender:

  • Configurar o McAfee Enterprise Log Manager.
  • Instalar e configurar o McAfee Enterprise Security Manager.
  • Trabalhar com o receptor.
  • Trabalhar com o motor de correlação avançado.
  • Adicionar fontes de dados.
  • Trabalhar com o editor de políticas.
Publico Alvo
  • Administradores de sistema e de rede
  • Pessoal de Segurança
  • Auditores, e/ou Consultores preocupados com a Segurança de Redes e Sistemas
Informações Gerais

Carga Horária: 32h

  • Se noturno este curso é ministrado de Segunda-feira à sexta-feira, das 19h às 23h
  • Se aos sábados este curso é ministrado das 9h às 18h
  • Se in-company por favor fazer contato para mais detalhes.

Formato de entrega:

  • 100% on-line ao vivo, via Microsoft Teams na presença de um instrutor/consultor ativo no mercado.
  • Nota: não é curso gravado.

Lab:

  • Laboratório + Exercícios práticos  
Materiais
Português | Inglês
Conteúdo Programatico

SIEM Overview

  1. The Big Picture
  2. McAfee® Enterprise Log Manager (ELM)
  3. What is SIEM?
  4. McAfee® Advanced Correlation Engine (ACE)
  5. Large Centralized Deployment Example
  6. Risk Correlation
  7. McAfee® Event Receiver (ERC)
  8. Elusive Security Events
  9. McAfee® Application Data Monitor (ADM)
  10. Application Data Monitor (ADM)
  11. McAfee® Database Event Monitor (DEM)
  12. Advanced Correlation Engine (ACE)
  13. Event Aggregation
  14. Log Management and Retention
  15. Event Analysis and Workflow
  16. Follow Testing Procedures
  17. First-Time ESM Setup
  18. FIPS Compliant Mode
  19. Do Validation Testing
  20. McAfee SIEM Architecture – “Combo Boxes”
  21. Configure the Device Properties
  22. Event Normalization
  23. Add the Devices to the System
  24. Event Correlation
  25. Receiver (ERC)
  26. Enterprise Security Manager(ESM)
  27. Ensure end-user communications
  28. How SIEM is Used
  29. Apply Software Updates
  30. Security Information Management
  31. SIEM Components Overview
  32. Large Distributed Deployment Example
  33. Database Event Monitor (DEM)

ESM and Receiver Overview

  1. ESM Settings – File Maintenance
  2. ESM – Add User
  3. Practice 2: SIEM Users and Groups
  4. McAfee Enterprise Security Manager
  5. ESM – Profile Management
  6. ESM – Login Security
  7. McAfee Receiver
  8. ESM – Watchlists
  9. ESM – System Logs
  10. ESM – Add Privileges
  11. ESM – Users and Groups
  12. ESM – Add Group
  13. ESM – Reports
  14. Receiver HA

ESMI Views

  1. McAfee ESMI
  2. Key Dashboards
  3. The Data Problem
  4. Configure User-specific ESM Settings

Filtering, Watchlists, and Variables

  1. Syntax for contains and regex
  2. String Normalization
  3. String Normalization File
  4. Practice 4: Watchlists
  5. Points to consider when using contains or regex:
  6. Watchlists and Variables

Receiver Data Source Configuration

  1. Data Source Profiles
  2. Data Sources – WMI Event Logs
  3. Data Source Grouping
  4. Time Delta Page
  5. Real Time Data Enrichment
  6. Data Sources – Syslog
  7. Receiver Data Sources
  8. Data Sources – WMI
  9. Practice 5: Data Sources
  10. Data Sources – Auto Learn
  11. Importing and Exporting Data Sources
  12. Child Data Sources
  13. Discovered Assets
  14. Data Sources – Correlation Engine
  15. Data Sources – Generic Net Flow
  16. McAfee ePO
  17. Data Source Time Problems

Aggregation

  1. Flow Aggregation – Custom
  2. How Aggregation Works
  3. Port Values
  4. Start at Level Aggregation
  5. Flow Aggregation Levels
  6. Flow Aggregation
  7. Practice 6: Aggregation
  8. Level Aggregation
  9. Modify Event Aggregation Settings
  10. Aggregation Overview
  11. Flow Aggregation – Ports

 Policy Editor

  1. Practice 2: Using the Syslog Parser – Part 2
  2. Advanced Syslog Parser Rules
  3. Copy packet
  4. The Inheritance Icons
  5. Severity
  6. Rollout Policy Correlation
  7. Field Assignment Tab
  8. Severity Weights
  9. Policy Rollout
  10. Tools Menu
  11. Practice 1: Using the Syslog Parser – Part 1
  12. Data Source Rules – Auto Learned
  13. Rules Display Pane
  14. Policy Editor Overview
  15. Rule Properties – Settings
  16. Policy Change History
  17. Rule Inheritance
  18. Operations Menu
  19. Policy Status
  20. Action
  21. To copy a policy, follow the steps
  22. Export a Policy
  23. Parsing Tab
  24. Import a Policy
  25. Normalization Categories

Correlation

  1. Event Correlation Engine
  2. Optimized Risk Management
  3. Practice 2: Adding an ACE Appliance
  4. Criteria
  5. Scanning Single Server (Distributed Dictionary Attack)
  6. Practice 8.1: Correlation Rules
  7. Practice 8.3: Historical Correlation
  8. System penetration scenario
  9. Rollout Correlation Policy
  10. Rollout Correlation Policy

Notifications and Reporting

  1. Alarm Settings – Actions
  2. New Report Layout
  3. Email Report Recipients
  4. HA Failure
  5. Deviation from Baseline
  6. Field Match
  7. Alarm Settings – Escalation
  8. Device Status Change
  9. Practice 9.1: Creating Alarms
  10. Remove a Syslog Recipient
  11. View Running Reports
  12. FIPS Failure
  13. Specified Event Rate
  14. Device Failure
  15. Alarms Log
  16. Practice 9.2: Reporting
  17. Syslog Report Recipients
  18. View Report Files
  19. Section 5
  20. Designing Report Layout
  21. Alarm Settings Additional Notes
  22. Export views and reports
  23. SNMP Reports Recipients
  24. Email Report Groups
  25. Report Conditions
  26. Document Properties
  27. Query Wizard
  28. Triggered Alarms View
  29. Alarm Settings – Devices
  30. SMS Report Recipients
  31. Internal Event Match
  32. Additional Alarm Options
  33. UCF Report Filter
  34. Event Delta
  35. Add a Syslog Recipient
  36. Section 6
  37. Alarm Details

Working with ELM

  1. Configuring the ELM for Storage
  2. ELM Overview

Troubleshooting and System Management

  1. Device Status Alerts
  2. Reasons for Flags
  3. How to manually set the time if no NTP server is available
  4. ESM Login Screen Does Not Come Up on Linux Browser
  5. How to ensure that the update file is not corrupt
  6. How to access the terminal via the GUI
  7. ESM and ESMI Troubleshooting
  8. Beeping during initial startup
  9. How to initiate a callhome
  10. How to export the ESMI login history
  11. Manual rules updates
  12. Hardware Issues
  13. Unable to download rules from the McAfee servers
  14. The NGCP password for the ESMI desktop has been lost
  15. User can log in to ESMI but they have no rights
  16. How to determine if you are getting data from your data source
  17. Troubleshooting Upgrade to Version 9.5.0
  18. Unable to SSH or login to the ESM
  19. Device Status Window
  20. Update and Upgrade Issues
  21. Software Upgrade Process
  22. Operating System and Browser- specific Issues
  23. McAfee Technical Support
  24. Export/Download Troubleshooting When Using Windows 7
  25. McAfee SIEM Sizing Overview
  26. Login – unable to get the certificate using Firefox using IPv6 address
  27. How to obtain the serial number from a device
  28. ESM Settings – Database
TENHO INTERESSE

Cursos Relacionados

Curso Cybersecurity Foundations

32 horas

Curso CISSP - Certified Information Systems Security

32 horas

Curso Cissp Workshop - Gerenciamento de Indenidade e Acesso Operações

Curso Fundamentos de Sistemas de Informação de Segurança

32 horas

Curso CHFI - Computer Hacking Forensics Investigator

40 horas

Curso Cisco Cybersecurity segurança de redes com detecção de ameaças

32 Horas

Curso ISO / IEC 20000 Introdução

16 horas

Curso ISO IEC 27002 Fundamentos

16 horas