8209 Sentinel Log Manager 1.1 – 3 days

Price: 18.200 SEK

Course Overview

Novell Sentinel Log Manager 1.1 provides high event-rate processing, long-term data retention, and regional data aggregation. It also provides simple searching and reporting functionality for a broad range of applications and devices. Novell Sentinel Log Manager collects data from a wide variety of devices, including intrusion detection systems, firewalls, operating systems, routers, Web servers, databases, switches, mainframes, and antivirus event sources. In this course you install, configure, and collect event data from several of these sources.

Training Level: 2 – Intermediate

Duration: 3 Days

Key Objectives

Key objectives covered in this course include:
Installation and configuration of the Sentinel 1.1 software appliance
Policy-based data storage and archiving
Data collection of syslog and auditing logs
Remote Collector Manager installation and configuration
Using Tags in searching and reporting
Report field control using One-click reporting
Configuring Distributed Search
New rules and actions
Using Sentinel Link to escalate

Audience Summary

This course is designed for security analysts and administrators who will be installing, configuring and managing the day-to-day upkeep of Sentinel Log Manager. It additionally provides an update to the Course 8205, Secure Log Manager 1.0.

Course Prerequisites

Before taking this course, you should have a basic understanding of the current Log Management and Security Information Event Management (SIEM) marketplace.

Course Outline

During this course, you learn the following:

SECTION 1 – Introduction to Sentinel Log Manager 1.1

Objectives: Differences – SIEM vs log management – What is Sentinel Log Manager? – Data and logic flow architecture – Sentinel Log Manager interfaces

SECTION 2 – Data Storage

Objectives: Configuring data storage – Data archiving – Data retention policies – Configuring disk space usage – Verifying Raw data files – Archive data capacity – Sequential-access storage

SECTION 3 – Data Collection

Objectives: Event Source Management – Setting up Syslog server – Setting up Audit server – Components – Performing text-refined searches – Managing Tags

SECTION 4 – Remote Collector Manager

Objectives: Advantages of additional collector managers – Adding and configuring a new collector manager – ActiveMQ Keys – Windows WMS services

SECTION 5 – Administration

Objectives: Users and groups – Tagging – Creating LDAP user accounts – LDAP authentication – Permissions – Security filters

SECTION 6 – Queries

Objectives: Running a search – Refining searches – Viewing results – Exporting search results – Saving a query as a template

SECTION 7 – Reporting

Objectives: Running and scheduling reports – Viewing reports – Report Parameters – Extracting, adding, deleting and renaming reports – Marking results – Favorites – Exporting reports

SECTION 8 – Distributed Search

Objectives: Configuring a server for Distributed Search – Searching event data – Managing event data – Running reports – Troubleshooting Distributed Search

SECTION 9 – Rules and Actions

Objectives: Configuring rules and actions – Handling auto-created sources and more!