Training Micro Focus

Training goals dlearning

code: ESM180-70 | version: 7.0

Building Security Use Cases with ArcSight ESM provides you with detailed knowledge of the ArcSight security problem solving methodology, within the ESM context. In this course, you learn the methodologies to develop use cases for current business scenarios, derived from the top business drivers in the market. During the training, you will learn to: 

  • Identify business drivers to develop Use Cases using ArcSight ESM
  • Identify Use Case problems and requirement statements associated with actual scenarios
  • Using the Use Case worksheet, document the use case
  • Develop ArcSight ESM content to accommodate Use Case discrete objectives

Upon successful completion of this course, you should be able to:

  • In an ArcSight ESM context, define Use Case
  • Using the Use Case worksheet from an initial problem statement, generate requirement statements and prioritize objectives
  • Identify data sources and ESM resources required to fulfil the objectives of the use case
  • Create identified ESM content
  • Construct ArcSight Active Channels to provide advanced analysis of the event stream
  • Develop ArcSight Rules to allow correlation activities
  • Build event-based data monitors to provide real-time viewing of event traffic
  • Package formulated ESM content for Use Case into ArcSight Resource Bundle

Audience/Job Roles

This advanced course is intended for those whose primary responsibilities include:

  • Defining organization’s security objectives
  • Building ArcSight ESM content to adhere to those objectives.

Conspect Show list

  1. Understanding Use Cases
    • Defining Use Cases
    • Building ArcSight Use Cases
    • ArcSight Best Practice Considerations
  2. Delivering ArcSight Use Cases
    • Activity 1 - Solution Delivery Using Packages
    • Activity 2 – Using the ArcSight Use Case Resource
  3. Compliance Use Cases – Self Study
    • Use Case 1 – FISMA
    • Use Case 2 – PCI
    • Use Case 3 - SOX
  4. Appendix
    • Module 1 and Module 3 Topic Quizzes
  5. Implementing Custom ArcSight Solutions
    • Internal Threats
      • Use Case 1 - Privileged Account Usage
      • Use Case 2 - Network Logon Status
      • Use Case 3 - Account Deletion Policy
      • Use Case 4 – Removable Media Policy
    • Perimeter Threats
      • Use Case 5A - Zero Day Attack Policy
      • Use Case 5B - Zero Day Attack Policy Confirmation
      • Use Case 6 – Reducing False Positives Policy
      • Use Case 7 -Anti-Virus Metrics
      • Use Case 8 - Disallowed Services Monitoring
      • Use Case 9 - Custom Use Case
Download conspect training as PDF

Additional information


To be successful in this course, you should have the following prerequisites or knowledge:

  • Common network device functions, such as routers, switches, hubs, etc.
  • TCP/IP functions, such as CIDR blocks, subnets, addressing, communications, etc.
  • Windows operating system tasks, such as installations, services, sharing, navigation, etc.
  • SIEM terminology, such as threat, vulnerability, risk, asset, exposure, safeguards, etc.
  • Security directives, such as Confidentiality, Integrity, Availability
Difficulty level
Duration 3 days

The participants will obtain certificates signed by Micro Focus (course completion).


Authorized Micro Focus Trainer

Other training Micro Focus | ArcSight

Training thematically related

IT Security

Contact form

Please fill form below to obtain more info about this training.

* Fields marked with (*) are required !!!

Information on data processing by Compendium - Centrum Edukacyjne Spółka z o.o.

2160 USD


Discount codes

Discount code may refer to (training, producer, deadline). If you have a discount code, enter it in the appropriate field.
(green means entering the correct code | red means the code is incorrect)



Traditional training

Sessions organised at Compendium CE are usually held in our locations in Kraków and Warsaw, but also in venues designated by the client. The group participating in training meets at a specific place and specific time with a coach and actively participates in laboratory sessions.

Dlearning training

You may participate from at any place in the world. It is sufficient to have a computer (or, actually a tablet, or smartphone) connected to the Internet. Compendium CE provides each Distance Learning training participant with adequate software enabling connection to the Data Center. For more information, please visit site



Electronic materials

Electronic Materials: These are electronic training materials that are available to you based on your specific application: Skillpipe, eVantage, etc., or as PDF documents.

Ctab materials

Ctab materials: the price includes ctab tablet and electronic training materials or traditional training materials and supplies provided electronically according to manufacturer's specifications (in PDF or EPUB form). The materials provided are adapted for display on ctab tablets. For more information, check out the ctab website.



    • General information
    • Guaranteed dates
    • Last minute (-10%)
    • Language of the training
    • English
Book a training appointment