1 AlienVault USM for Security Engineers, V1.0 Copyright© 2014 AlienVault. All rights reserved.
Module 1: Overview
This module provides an overview of the AlienVault Unified Security Management (USM) solution. Upon completing this module, you will meet these objectives:
• Describe the goal of network security.
• Provide an overview of AlienVault USM.
• Describe AlienVault Threat Intelligence.
• Describe AlienVault USM architecture.
This module includes these topics:
• Network Security
• AlienVault USM Overview
• AlienVault Threat Intelligence
• AlienVault USM Architecture
Module 2: AlienVault USM Solution Deployment
This module describes AlienVault Unified Security Management (USM) deployment options and explains how to prepare for the deployment. Upon completing this module, you will meet these objectives:
• Describe AlienVault deployment types.
• Provide AlienVault deployment examples.
• Describe AlienVault component profiles.
• Describe how to prepare for AlienVault deployment.
• Describe AlienVault deployment best practices.
This module includes these topics and lab exercises:
• Deployment Types
• Deployment Examples
• AlienVault Component Profiles
• Deployment Preparation
• Deployment Best Practices
• Lab 2-1: AlienVault USM Solution Deployment
Module 3: AlienVault USM Basic Configuration
This module describes AlienVault Unified Security Management (USM) installation, basic configuration and verification, and the graphical user interface.
Upon completing this module, you will meet these objectives:
• Deploy and install AlienVault USM.
• Describe the AlienVault USM graphical user interface.
• Initially configure AlienVault USM.
This module includes these topics and lab exercises:
• Initial Configuration
• AlienVault USM User Interface
• Basic Configuration
• Lab 3-1: AlienVault USM Basic Configuration
• Verify Basic Operations
• Lab 3-2: Verify AlienVault USM Basic Operations
Module 4: Asset Management
This module describes AlienVault Unified Security Management (USM) asset management. Upon completing this module, you will meet these objectives:
• Describe AlienVault USM assets.
• Describe asset management.
• Configure asset groups.
• Configure networks and network groups.
• Configure asset discovery.
This module includes these topics and lab exercises:
• Assets
• Asset Management
• Asset Groups
• Networks and Network Groups
• Asset Discovery
• Lab 4-1: Manage AlienVault USM Assets
Module 5: Security Intelligence
This module describes AlienVault Unified Security Management (USM) security intelligence, which utilizes data source plugins to normalize events from various data sources. It also includes correlation to detect security threats by tracking behavior patterns, as well as Open Threat eXchange (OTX) to provide reputation data on offending IP addresses. Upon completing this module, you will meet these objectives:
• Describe data aggregation and normalization.
• Describe data sources and data source plugins.
• Describe events and risk calculation.
• Describe logical correlation and cross-correlation.
• Provide an overview of OTX.
This module includes these topics:
• Data Aggregation and Detection
• Data Sources
• Correlation
• OTX Review
Module 6: Policies and Actions
This module describes AlienVault Unified Security Management (USM) policies, which are used to influence event processing and to filter unnecessary events and false positives. The module also describes actions that can be configured as policy consequences. Upon completing this module, you will meet these objectives:
• Describe AlienVault USM policies.
• Describe AlienVault USM actions.
• Configure policies and actions.
This module includes these topics and lab exercises:
• Policies
• Actions
• Configure Policies
• Lab 6-1: Configure Policies and Actions
Module 7: Security Analysis
This module describes security analysis of alarms and events produced by AlienVault Unified Security Management (USM). The module starts with a description of a security analysis process, then reviews Dashboards and Alarms, and then gives a detailed breakdown of the steps and tools available during the process of security analysis.
Upon completing this module, you will meet these objectives:
• Describe the AlienVault USM security analysis process.
• Evaluate AlienVault USM dashboards.
• Evaluate AlienVault USM alarms.
• Evaluate AlienVault USM OTX data and external resources.
• Use the AlienVault USM ticketing system.
• Evaluate AlienVault USM events.
• Evaluate AlienVault USM assets and vulnerabilities.
• Evaluate AlienVault USM raw logs.
• Use the integrated Tshark packet capture tool.
This module includes these topics and lab exercises:
• Security Analysis Process
• Examine Dashboards
• Examine Alarms
• Examine Events
• Examine Assets and Vulnerabilities
• Examine Raw Logs
• Capture Packets
• Lab 7-1: Perform Security Analysis
Module 8: Reporting
This module describes AlienVault Unified Security Management (USM) reporting. The module first describes the reporting system, then describes how to generate, view, and schedule reports, and how to customize existing reports or create custom ones. Upon completing this module, you will meet these objectives:
• Describe the AlienVault USM reporting system.
• Run, schedule, and view a report.
• Create custom reports, modules, and layouts.
This module includes these topics and lab exercises:
• Reports
• Running Reports
• Creating Custom Reports
• Lab 8-1: Run, Schedule, and Customize a Report
Module 9: Threat Detection
This module describes AlienVault Unified Security Management (USM) threat detection functionalities. The module first describes the Intrusion Detection System (IDS). Then the module describes three types of AlienVault USM IDS functionality: network IDS, host IDS, and wireless IDS. The module also describes the AlienVault USM vulnerability assessment functionality. Upon completing this module, you will meet these objectives:
• Describe the IDS system.
• Configure AlienVault USM network IDS.
• Configure AlienVault USM host IDS.
• Configure AlienVault USM wireless IDS.
• Configure and perform AlienVault USM vulnerability assessment.
This module includes these topics and lab exercises:
• IDS System
• Network IDS
• Host IDS
• Wireless IDS
• Vulnerability Assessment
Module 10: Behavioral Monitoring
This module describes AlienVault Unified Security Management (USM) behavioral monitoring functionalities. The module first (briefly) describes log collection. Then the module describes AlienVault USM NetFlow collection. The module also explains the AlienVault USM availability monitoring functionality. Upon completing this module, you will meet these objectives:
• Describe and configure AlienVault USM log collection.
• Describe and configure AlienVault USM NetFlow collection.
• Describe and configure AlienVault USM availability monitoring.
This module includes these topics and lab exercises:
• Log Collection
• NetFlow
• Availability Monitoring
• Lab 10-1: Deploy AlienVault USM Availability Monitoring
Module 11: Customizing Security Intelligence
This module describes how to customize security intelligence in the AlienVault Unified Security Management (USM) system. The module first describes how to customize existing data source plugins or create new ones. Then the module describes how to customize existing correlation directives or create new ones. Upon completing this module, you will meet these objectives:
• Customize data source plugins.
• Customize correlation directives.
This module includes these topics and lab exercises:
• Customizing Data Source Plugins
• Customizing Correlation Directives
• Lab 11-1: Customize Security Intelligence
Module 12: System Maintenance
This module describes AlienVault Unified Security Management (USM) system maintenance. The module first describes how long AlienVault USM stores alarms, events, and logs, and how you can modify the retention settings. Then the module describes how to perform event and full system backup and restore. The module also describes how to update the AlienVault USM system and threat intelligence feeds, and how to perform a factory default restore. Upon completing this module, you will meet these objectives:
• Describe AlienVault USM alarm, event, and log retention.
• Describe how to perform backup and restore of event data.
• Describe how to upgrade the AlienVault USM system and threat intelligence feed.
• Describe how to perform an AlienVault USM full system backup and restore.
• Describe how to perform an AlienVault USM factory default restore.
This module includes these topics and lab exercises:
• Events, Alarms, and Logs Retention
• Events Backup and Restore
• Upgrading System and Threat Intelligence Feed
• Full System Backup and Restore
• System Factory Default Restore
• Lab 12-1: Maintain AlienVault USM System
Module 13: Administrative User Management
This module describes AlienVault Unified Security Management (USM) administrative user management. The module first describes what administrative users are required for. Then the module describes how to change the settings of an administrative user, how to manage administrative user accounts, and how to manage global authentication settings. The module also describes administrative user activity accounting, and how to perform admin user account password recovery. Upon completing this module, you will meet these objectives:
• Describe administrative user management.
• Manage my user profile.
• Manage administrative users.
• Describe administrative user accounting.
• Manage global authentication settings.
• Recover the admin user account password.
This module includes these topics and lab exercises:
• Administrative User Management
• Manage My User Profile
• Manage Administrative Users
• Manage Global Authentication Settings
• Administrative User Accounting
• Recover Admin Password
• Lab 13-1: Manage Administrative Users
Module 14: Complex Deployment
This module describes AlienVault Unified Security Management (USM) complex deployment. The module first provides some examples of when a distributed deployment is required. Then the module describes how to scale the AlienVault system. The module also describes AlienVault Center, and correlation contexts and entities. Upon
completing this module, you will meet these objectives:
• Describe AlienVault USM deployments.
• Scale an AlienVault USM deployment.
• Describe AlienVault Center.
• Describe correlation contexts and entities.
• AlienVault USM Deployments
• Scaling AlienVault USM System
• AlienVault Center