
Data Sheet

McAfee Product Education

McAfee Security Information and Event Management (SIEM) Administration Course
The McAfee SIEM Administration course from McAfee Education Services provides attendees with hands-on training on the design, setup, configuration, communication flow, and data source management of SIEM appliances. In addition, students will learn how to implement the appliances effectively in a complex enterprise environment.

McAfee Enterprise Log Manager configuration.
McAfee Enterprise Security Manager installation and
Working with the Receiver.
Working with the Advanced Correlation Engine.
Adding data sources.
Working with the policy
Generating alarms and watchlists, and developing reports.

What You Will Learn

At the end of this course, attendees should know the benefits of the SIEM appliance; understand the skills needed to successfully plan, design, and implement SIEM following the McAfee Professional Services methodology; and be capable of installing and configuring the appliance within their own

All topics are supported by hands-on exercises that test the appliances against real-world scenarios, using guidelines for policy management, log aggregation, and event correlation, and tips for debugging.

Who Should Take This Class

System and network administrators, security personnel, auditors, and consultants concerned with network and system security should take this course. Students should have a working knowledge of Microsoft Windows administration, system administration concepts, a basic understanding of computer security concepts, and a working knowledge of McAfee ePolicy Orchestrator software administration.

Duration: Four days.

Course Outline

Chapter 1: SIEM Overview
What Is SIEM?
How SIEM Is Used
The Data Problem
Log Management Challenges
Theft of Confidential Information
Use of Unauthorized Applications
Situational Awareness
Cyber Slacking in the Workplace
Use of Weak Passwords
SIEM Components Overview
SIEM Architecture
Identifying Business Needs and Stakeholders
Deployment Scenarios
SIEM Sizing Overview
McAfee Enterprise Security Manager Interface Setup
Implementation Process
Change Control

Chapter 2: McAfee Enterprise Security Manager and Receiver Overview
McAfee Enterprise Security Manager Properties Overview
McAfee Enterprise Security Manager Settings
Receiver Overview/Properties
Receiver Redundancy
Receiver Vulnerability Assessment
Receiver Asset Data Source
Receiver Key Management

Chapter 3: McAfee Enterprise Security Manager Interface Views
McAfee User Interface
Views Toolbar
Out-of-Box Dashboard Views
Custom Views
Data Binding
Receiver Connection, Device Logs, Configuration,
ESMI Views
Operations and Tools Menu
Using the Toolbar

Chapter 4: Receiver Data Source Configuration
Receiver Data Sources
Receiver Properties
Adding a Data Source
Data Source Types
Configuring Common Data Sources
Client Data Sources
Data Source Profiles
Data Source AutoLearn
Adding VA Data Sources
Asset Manager
Real-Time Data Enrichment

Chapter 5: Aggregation
About Aggregation and Timestamps
Event Aggregation
Dynamic Aggregation
Setting Event Aggregation Levels
Default Aggregation Settings
Customizing Aggregation
Flow Aggregation
Port Values

Chapter 6: Policy Editor
Policy Editor Overview
Default Policy
Policy Tree: Modifying
Policy Importing and Exporting
Policy Change History
Policy Status and Rollout
Filtering and Tagging
Rule Variables
Severity Weights
Rule Types
Rule Inheritance
Rule Properties: Settings
Advanced Syslog Parser Rules

Chapter 7: Correlation
Optimized Risk Management
Event Normalization
Event Correlation Engine
Advanced Correlation Engine
Receiver Correlation
Adding a Correlation Data Source
Correlation Rule Editor
Rolling Out Correlation Policy
Creating a Custom Correlation Rule
Editing an Existing Correlation Rule
Adding an ACE Appliance
Using Historical Mode

Chapter 8: Alarms and Watchlists
Creating Alarms
Alarm Settings
Alarm Details
Triggering Alarms
Watchlist Types: Static and Dynamic
Creating Watchlists

Chapter 9: Reporting
Out-of-Box Reports
Report Properties
Create Reports
Report Layout
Document Properties
Report Conditions
Query Wizard
Report Filter
Email, SMS, SNMP, Syslog Report Options
Viewing Reports

Chapter 10: Working with McAfee Enterprise Log Manager
McAfee Enterprise Log Manager Properties
ELM Terminology
Adding a McAfee Enterprise Log Manager Device
Estimating McAfee Enterprise Log Manager
McAfee Enterprise Log Manager Configuration
McAfee Enterprise Log Manager Backup and
McAfee Enterprise Log Manager Logs
Migrating the Database
McAfee Enterprise Log Manager Compression
SAN Volumes
Full Text Indexer
McAfee Enterprise Log Manager Storage Pools
iSCSI Configuration
Adding, Editing, or Deleting Storage Devices
ELM Mirrored Data Storage
ELM Data

Chapter 11: Troubleshooting and System
McAfee Technical Support
Login Troubleshooting
Operating System and Browser-Specific Issues
Hardware Issues
Update and Upgrade Issues
McAfee Health Status Flag
McAfee Enterprise Security Manager and McAfee Enterprise Security Manager Interface Troubleshooting
ESM Settings

Chapter 12: SIEM Workflow
McAfee Enterprise Security Manager Interface Desktop
Event Drilldown
Event Analysis
More About Using Specific Dashboards: Normalized, Asset Vulnerability, Event and Destination Geo-Location, Source User, Host, Default Flow, Incident
SIEM Workflow Demonstration
Case Management
Suggested Next Course(s)

McAfee Vulnerability Manager
Contact Information

To order, or for further information, please contact McAfee Education at:

McAfee Education Services

McAfee Foundstone and McAfee Education Services provide training on our award-winning products. We provide this training globally with both instructor-led and e-learning courses for organizations and

We also provide product- and role-based certifications through the McAfee Security Certification Program, validating your knowledge and ability in a variety of security-related categories. For more information, please visit us at www.mcafee.com/us/services.aspx, or click on the following links:

North America and Latin America (instructor-led training)
Europe, Middle East, Africa, and Asia Pacific (instructor-led training)
McAfee Certification Program (McAfee product and McAfee Foundstone assessment certification)

2821 Mission College Boulevard
Santa Clara, CA 95054
888 847 8766

McAfee, the McAfee logo, ePolicy Orchestrator, and Foundstone are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States
and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for
information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2014 McAfee, Inc.