6 Replies Latest reply on Feb 19, 2015 5:21 PM by vagner.silva

    McAfee SIEM Training

    gkt1234

      Dear All,

      We are going to have training on McAfee SIEM.

      I need a checklist of points to make sure the trainer has covered all areas, since I am new to this tool.

      Thanks in advance

      Regards,

      Girish

        • 1. Re: McAfee SIEM Training
          xded

          Hi,

          • Data sources integration
            • Windows WMI
            • Windows CEF
            • Syslog
              • Troubleshoot
          • Dashboard
            • Creating and modifying existing ones
          • Asset Manager
            • Assets
            • Zones
            • and so on
          • Watchlist
            • Dynamic
            • Static
          • Alarm
            • Generate various Alarms for your Network
          • Reporting
            • Make some different reports
          • Correlation
          • ELM
          • and many more
          • 2. Re: McAfee SIEM Training
            gkt1234

            Thanks xded for the information.

            Looking forward to more information. If anyone has attended the official McAfee training, what were the topics they covered?

            This training is from the vendor who is implementing the tool; they are not organized, so I have a feeling they might miss some important topics.

            • 3. Re: McAfee SIEM Training
              michal_be

              When will you have this training?

              I am going to have it on 17th March in the UK.

              • 4. Re: McAfee SIEM Training
                xded

                Download the user guide; the table of contents is the structure of the training, I think.

                • 5. Re: McAfee SIEM Training
                  vagner.silva

                  I would just like to share this with you guys, in case you don't already know it.

                  There's a program called ACE for partners, and if you are one, you can sign up at www.securityalliance.mcafee.com.

                  Steps to take the certification:

                  1. Complete the Pre-Work (a series of web courses)

                  2. 2 days of in-person course at the McAfee building

                  3. Get an opportunity ID and install a POC of SIEM

                  You can find complete details at www.securityalliance.mcafee.com.

                  If you have any doubts, you can contact me and I'll be happy to help.

                  Cheers!

                  • 6. Re: McAfee SIEM Training
                    vagner.silva

                    I just forgot the question you asked!!

                    You can find details here and download the data sheet:

                    McAfee SIEM Administration | McAfee Product Training

                    Course Outline

                    Chapter 1: SIEM Overview

                    • What Is SIEM?
                    • How SIEM is used
                    • SIEM Components Overview
                    • SIEM Architecture
                    • Identifying Business Needs and Stakeholders
                    • Deployment Scenarios
                    • SIEM Sizing Overview
                    • McAfee Enterprise Security Manager Interface Setup
                    • FIPS
                    • Implementation Process
                    • Change Control

                    Chapter 2: McAfee Enterprise Security Manager and Receiver Overview

                    • McAfee Enterprise Security Manager Properties Overview
                    • McAfee Enterprise Security Manager Settings
                    • Receiver Redundancy
                    • Receiver Overview/Properties
                    • Receiver Vulnerability Assessment
                    • Receiver Asset Data Source
                    • Receiver Key Management
                    • Receiver Connection, Device Logs, Configuration, Redundancy

                    Chapter 3: McAfee Enterprise Security Manager Interface Views

                    • The Data Problem
                    • Log Management Challenges
                    • ESMI Views
                    • Using the Toolbar
                    • Theft of Confidential Information
                    • Use of Unauthorized Applications
                    • Situational Awareness
                    • Cyber Slacking in the Workplace
                    • Use of Weak Passwords
                    • McAfee User Interface
                    • Views Toolbar
                    • Filters
                    • Out-of-Box Dashboard Views
                    • Custom Views
                    • Data Binding

                    Chapter 4: Receiver Data Source Configuration

                    • Receiver Data Sources
                    • Receiver Properties
                    • Adding a Data Source
                    • Data Source Types
                    • Configuring Common Data Sources
                    • Client Data Sources
                    • Data Source Profiles
                    • Data Source AutoLearn
                    • Adding VA Data Sources
                    • Asset Manager
                    • Real Time in Data Enrichment

                    Chapter 5: Aggregation

                    • About Aggregation and Timestamps
                    • Event Aggregation
                    • Dynamic Aggregation
                    • Setting Event Aggregation Levels
                    • Default Aggregation Settings
                    • Customizing Aggregation
                    • Flow Aggregation
                    • Port Values

                    Chapter 6: Policy Editor

                    • Policy Editor Overview
                    • Default Policy
                    • Policy Tree: Modifying
                    • Policy Importing and Exporting
                    • Policy Change History
                    • Policy Status and Rollout
                    • Filtering and Tagging
                    • Operations and Tools Menu
                    • Normalization
                    • Rule Variables
                    • Severity Weights
                    • Rule Types
                    • Rule Inheritance
                    • Rule Properties: Settings
                    • Advanced Syslog Parser Rules

                    Chapter 7: Correlation

                    • Optimized Risk Management
                    • Event Normalization
                    • Event Correlation Engine
                    • Advanced Correlation Engine
                    • Receiver Correlation
                    • Adding a Correlation Data Source
                    • Correlation Rule Editor
                    • Rolling out Correlation Policy
                    • Creating a Custom Correlation Rule
                    • Editing an existing correlation rule
                    • Adding an ACE appliance
                    • Using Historical mode

                    Chapter 8: Alarms and Watchlists

                    • Creating Alarms
                    • Alarm Settings
                    • Alarm Details
                    • Triggering Alarms
                    • Watchlists
                    • Watchlist Types: Static and Dynamic
                    • Creating Watchlists

                    Chapter 9: Reporting

                    • Out-of-Box Reports
                    • Report Properties
                    • Create Reports
                    • Report Layout
                    • Document Properties
                    • Report Conditions
                    • Query Wizard
                    • Report Filter
                    • Email, SMS, SNMP, Syslog Report Options
                    • Viewing Reports

                    Chapter 10: Working with McAfee Enterprise Log Manager

                    • McAfee Enterprise Log Manager Properties
                    • ELM Terminology
                    • Adding an McAfee Enterprise Log Manager Device
                    • Estimating McAfee Enterprise Log Manager Storage
                    • McAfee Enterprise Log Manager Configuration Settings
                    • McAfee Enterprise Log Manager Backup and Restore
                    • McAfee Enterprise Log Manager Logs
                    • Migrating the Database
                    • McAfee Enterprise Log Manager Compression
                    • SAN volumes
                    • Full Text Indexer
                    • McAfee Enterprise Log Manager Storage Pools
                    • iSCSI Configuration
                    • Adding, Editing, or Deleting Storage Devices
                    • ELM Mirrored Data Storage
                    • ELM Data

                    Chapter 11: Troubleshooting and System Management

                    • McAfee Technical Support
                    • Login Troubleshooting
                    • Operating System and Browser-Specific Issues
                    • Hardware Issues
                    • Update and Upgrade Issues
                    • McAfee Health Status Flag
                    • McAfee Enterprise Security Manager and McAfee Enterprise Security Manager Interface Troubleshooting
                    • ESM Settings

                    Chapter 12: SIEM Workflow

                    • McAfee Enterprise Security Manager Interface Desktop
                    • Event Drilldown
                    • Event Analysis
                    • More About Using Specific Dashboards: Normalized, Asset Vulnerability, Event and Destination Geo-Location, Source User, Host, Default Flow, Incident
                    • SIEM Workflow Demonstration
                    • Case Management

                    http://www.mcafee.com/br/services/product-training/security-information-event-mgt-administration.aspx