Course Description: AlienVAult
This course is taught in online mode and consists of 14 units. The duration of the course is distributes between content and collaboration tools. Upon completion, the student will receive an accrediting diploma.
Training is done through our Virtual Campus , with this modality you will have all the didactic content on the course platform and it will be accessible, from the start day of the course, 24 hours a day, every day of the week. The student will also have participation forums , as well as a continuous tutoring .
The course is taught in teletraining modality (100% bonus option) and face-to-face and tele-face-to-face training actions can also be carried out on demand.
Introduction
AlienVault is an information security platform that offers comprehensive solutions for detecting and responding to cyber threats . The AlienVault course aims to train security professionals in the use of this tool, as well as best practices for incident management, risk analysis, and attack prevention.
At the end of the course, participants will be able to use AlienVault to protect their infrastructure and data, as well as comply with current security standards and regulations.
Addressed to
The course is aimed at people who have basic knowledge of information security, networks and operating systems, and who want to expand their skills in the field of cybersecurity.
Course content
1) Introduction to USM AlienVAult
Module 1
- Understand the basic operation of AlienVault all-in-one
- Describe the architecture of AlienVault all-in-one
- Description of OTX (Open Threat Exchange)
Module 2
- Graphic User Interface.
- AlienVault Graphic User Interface Description
- Description of the AlienVault GUI menus.
- Basic configuration.
2) Asset management
- Definition of assets.
- Description of asset management.
- Add assets to the asset management table.
- Set up and schedule an asset discovery.
- Configure and manage assets using Groups, Networks and Tags.
3) Configuration of data sources
- Description of the introduction and homogenization of data.
- Describe the data sources and how they work.
- Enable different data sources.
- Understand how events are processed.
- Calculate risks based on events.
- Correlate events.
4) Policies and actions
- Navigate the policy interface.
- Policy configuration.
- Configure event policies.
- Configure policies for event policies.
5) Correlation directives
- Understand the AlienVAult USM correlation method.
- Describe correlation policies.
- Create custom correlation policies.
6) Threat detection
- • Configure the IDS.
- • Configure the IDS through the Environment menu.
- • Configure the IDS through the Assets menu.
- • Set up a vulnerability scan.
7) Behavior monitoring
- Describe and configure log collection.
- Describe and configure netflow.
- Describe and configure configuration enablement.
8) OTX
- Describe OTX and its most important concepts.
- Set up an OTX account
- Collaboration with other OTX users.
9) Security analysis.
- Security analysis process.
- Scorecard exam.
- Remedy alarms.
- Event investigation.
- Check raw log for more details.
- Review packet captures for more details about an event.
- Ticket file for event investigation management
10) System maintenance.
- Describe logs, alarms and log conservation.
- Explain how event data is saved and restored.
- Explain how configuration data is saved and restored.
11) Administrative management of users.
- User profiles.
- Account management.
- User authentication management.
- Recovery of administrator credentials.
12) USM Updates
- Explanation of the USM update process.
- How to update threat intelligence, plugins and reports.
- How the USM is updated offline.
13) Reports.
- Description of the reporting system.
- Make, schedule and view a report.
- Create custom reports.
- Create custom report templates.
- Create custom modules based on logs and security events.
14) Plugins.
- Understand how to create custom plugins for the USM.
- Describe the plugin configuration files.
- Use of regular expressions in plugins.
- Plugin explanation for SQL files.
- Enable new plugins
Previous requirements
No prior technical requirements are necessary to take this course. However, basic computer skills and knowledge of environments related to Information Technology are recommended.
Rates
If you are interested in taking this course in any training modality, please contact us.
