Sentinel 8 Log Manager Administration
Course 3160

This course covers Sentinel Log Manager administration: enabling the collection, storage, analysis and management of IT infrastructure event and security logs. It shows how flexible, cost-efficient log management is an important component of a complete, real-time, identity-aware security information and event management solution.

Course Information

Delivery Method: Virtual Classroom, Classroom, Self-Study Kit, Ondemand

Course Duration: 2 days

Course Level: Beginner

Key Objectives

After completing this course, you will be able to:

  • Understand the dataflow of Sentinel
  • Discuss the different installation types
  • Define the different types of use cases
  • Create active views and apply filters in the control center
  • Understand the parameters of active views
  • Create event views and apply filters in the web UI
  • Create Users and Roles
  • Set LDAP Settings
  • Discuss Internal Data Stores
  • Define Data Retention
  • Use the Event Source Management (ESM) user interface
  • Perform a Running Search
  • Perform a Distributed Search
  • Discuss White Label Template
  • Define Data Mapping

Audience Summary

The course is designed for Sentinel Log Management administrators and support personnel familiar with Windows, Domain Controllers, and Networking.

Course Outline

Module 1: What is Sentinel?

  • Architecture
  • Sentinel Flow
  • Markets
  • Sentinel Log Manager
  • Use Cases
  • Sentinel 7.3 and 7.4 Updates
  • Licensing Updates

Module 2: Planning

  • Data Sources and Flow
  • High Availability
  • Sizing

Module 3: Installation

  • Installation Overview
  • Installation Options
  • Deployment Options
  • Open Virtualization Format (OVF) and Appliance Updates
  • Installation Lab

Module 4: Event Views

  • Active Views
  • Event Views
  • Active Views Demonstration
  • Lab: Active Views and Event Views

Module 5: Setting Up Users

  • Configuring LDAP
  • Configuring User Security
  • Configuring Password Complexity
  • Viewing Active User Sessions
  • Setting Up Users Demo
  • Setting Up Users Lab

Module 6: Storage

  • Internal Data Stores
  • Types of Data
  • Data Retention
  • Supported Storage Options
  • Storage Demo
  • Lab: Storage

Module 7: Event Collection

  • Event Source Management (ESM) Interface
  • ESM Components
  • Creating an Event Source
  • Event Source Management Demo
  • Event Source Management Lab

Module 8: Searching and Reporting

  • Running a Search
  • Search Filters
  • Running a Report
  • Scheduling a Report
  • Report Definitions
  • Distributed Search
  • White Label Template
  • Searching and Reporting Demo
  • Searching and Reporting Lab

Module 9: Sentinel Agent Manager (SAM)

  • Windows Agent
  • Central Computers & Discovery Rules
  • Windows Agent Administrator

Module 10: Adding Event Context

  • Adding Event Context Demo

Course Prerequisites

Prerequisites are an understanding of Windows, basic Unix, Networking, and Active Directory.