This course prepares Trellix SIEM engineers and analysts to understand, communicate, and use the features provided by Trellix Enterprise Security Manager. Through demonstration, explanation, and hands-on lab exercises, you will learn how to utilize the Enterprise Security Manager by using Trellix-recommended best practices and methodologies.

• Review the ESM solution’s abilities and configuration options
• Define and configure advanced data sources topics such as Asset Manager, Data Enrichment, Auto Learn, SIEM Collector, and Vulnerability Assessment
• Configure custom parsing rules
• Implement best practice recommendations in tuning ESM to enhance performance and events visibility
• Configure Deviation based correlation rules and utilize techniques for both Event and Risk-Based Correlation
• Make tuning recommendations according to your analysis and identify events for immediate action, delayed action, or no action
• Perform actions to maximize the usefulness of Enterprise Security Manager
• Create well-defined use cases and follow a process to implement them

Day 1:

• Welcome
• Contextual Configurations
• Advanced Data Source Options
• Alarms, Actions, Notifications, and Reports

Day 2:

• Data Streaming Bus
• Advanced Syslog Parser
• ESM Tuning and Best Practices
• Performance Troubleshooting

Day 3:

• Advanced Correlation
• Analysts Tasks
• Use Case Overview
• Management Directives Use Cases

Day 4:

• Organizational Policies Use Cases
• Compliance Use Cases
• Current Threats and Vulnerabilities Use Cases
• Incident Identification Use Cases

This course is intended for Enterprise Security Manager users responsible for monitoring activity on systems, networks, databases, applications, and for configuration and management of the Enterprise Security Manager solution.

Students taking this course should have a working knowledge of networking and system administration concepts, a good understanding of computer security concepts, and a general understanding of networking and application software.