McAfee SIEM Course Content


McAfee Security Information and Event Management (SIEM) Course Outline

Module 1: SIEM Overview


1. What is SIEM
2. How a SIEM is used
3. McAfee SIEM Architecture and Components
4. Deployment Scenarios and Sizing
Module 2: ESM Overview
1. McAfee Enterprise Security Manager (ESM)
2. System Properties and Information
3. Configuration Options and Settings
4. Software Updates
5. Backups
6. User and Group Administration
7. System Logs
8. Login Security
Module 3: Receiver Overview
1. McAfee Receiver
2. Properties and Information
3. Configuration Options and Settings
4. Vulnerability Assessment
5. Asset Sources
Module 4: ESMI Views
1. The Big Data Problem
2. Common Log Management Challenges
3. Content Aware Views
4. McAfee ESMI Desktop Components
5. McAfee Standard Views
6. Creating and Editing Custom Views
7. Data Binding
Module 5: Receiver Data Source Configuration
1. Receiver Data Sources
2. Client Data Sources
3. Child Data Sources
4. Data Source Profiles
5. Auto Learn Data Sources
6. Configuring Common Data Sources
Module 6: Aggregation
1. Event Aggregation
2. McAfee Event Aggregation Levels
3. Custom field Event Aggregation
4. Flow Aggregation
5. Flow Aggregation Levels
6. Flow Port Aggregation
Module 7: Policy Editor
1. Policy Editor Overview
2. Policy Editor Navigation
3. Configuring McAfee SIEM Policies
4. Rule Types
5. Rule and Variable Configuration
6. Advanced Syslog Parser
Module 8: Correlation
1. The SIEM Functional Stack
2. Normalization
3. Event Correlation
4. Receiver Event Correlation Configuration
5. Add a correlation component
6. Roll out correlation policy
7. Edit correlation rules
8. Create custom correlation rules
9. McAfee ACE Overview
Module 9: Alarms and Watch lists
1. Alarms
2. Creating Alarms
3. Alarm Settings, Conditions and Actions
4. Alarm Logs
5. Triggered Alarms View
6. Watch lists
Module 10: SIEM Workflow
1. SIEM Workflows and Views
2. Example Investigation
3. Case Management
4. Event Forwarding
Module 11: Reporting
1. Reporting
2. Out of the Box Reports
3. Creating Reports
4. Customizing Reports
5. Report Query Wizard
6. Configuring Delivery of Reports
Module 12: Working with ELM
1. ELM Properties
2. ELM Terminology
3. Adding an ELM Device
4. Estimating ELM Storage
5. Configuring ELM and Storage Pools
6. ELM Compression
7. ELM Data Searching
8. ELM Integrity Checking
9. Enhanced ELM
