Ds Siem Administration PDF
Highlights
McAfee Enterprise Log Manager configuration.
McAfee Enterprise Security Manager installation and configuration.
Working with the Receiver.
Working with the Advanced Correlation Engine.
Adding data sources.
Working with the policy editor.
Generating alarms and watchlists, and developing reports.
Course Outline
Chapter 1: SIEM Overview
What Is SIEM?
Receiver Properties
SIEM Architecture
Deployment Scenarios
FIPS
Asset Manager
Implementation Process
Change Control
Receiver Redundancy
Receiver Overview/Properties
Chapter 5: Aggregation
Event Aggregation
Dynamic Aggregation
Customizing Aggregation
Flow Aggregation
Port Values
Default Policy
ESMI Views
Normalization
Rule Variables
Severity Weights
Situational Awareness
Rule Types
Rule Inheritance
Views Toolbar
Filters
Custom Views
Data Binding
Chapter 7: Correlation
Event Normalization
SAN volumes
Receiver Correlation
iSCSI Configuration
ELM Data
Login Troubleshooting
Creating Alarms
Alarm Settings
Hardware Issues
Alarm Details
Triggering Alarms
Watchlists
Creating Watchlists
ESM Settings
Chapter 9: Reporting
Out-of-Box Reports
Event Drilldown
Event Analysis
Report Properties
Create Reports
Report Layout
Document Properties
Report Conditions
Query Wizard
Report Filter
Viewing Reports
Case Management
ELM Terminology
McAfee, the McAfee logo, ePolicy Orchestrator, and Foundstone are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States
and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for
information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2014 McAfee, Inc.
es_ds_admin-course-siem_0914