We are happy to advise you!
0845 470 1000     Contact

Instructor-Led Online Training (ILO)
Live Online Classes in the Virtual Classroom

Find out more and view dates

Creating Advanced ESM 7.x Content for Security Use Cases (ESM280)


Who should attend

This course is intended for:

  • Defining organization’s security objectives
  • Building ArcSight ESM content to adhere to those objectives


To be successful in this course, you should have the following prerequisites or knowledge:

  • 12 months experience creating ArcSight ESM content (recommended)
  • Computer desktop, browser, and file system navigation skills
  • Basic understanding of TCP/IP networking and database concepts
  • Enterprise security experience [highly advantageous] Plus, an understanding of:
  • Network device functions and capabilities, such as routers, switches, etc.
  • Security device functions and capabilities, such as IDS/IPS, firewalls, etc.
  • TCP/IP networking, file system, and database concepts
  • SOC Organizational structure and workflow hierarchy
  • SIEM terminology, such as asset, threat, vulnerability, safeguard, etc.

Course Objectives

Upon successful completion of this course, you should be able to:

  • In an ArcSight ESM context, define a Use Case
  • Use the Use Case worksheet from an initial problem statement, generate requirement statements and prioritize objectives
  • Identify data sources and ESM resources required to fulfil the objectives of the use case
  • To fulfil use case requirements, create identified ESM content
  • Construct ArcSight Variables to provide advanced analysis of the event stream
  • Develop ArcSight Rules to allow advanced correlation activities
  • Build event-based data monitors to provide real-time views of event traffic and anomalies
  • Implement custom velocity macros for notification
  • Package formulated ESM contents for the Use Case into ArcSight Resource Bundle

Course Content

Creating Advanced ESM Content for Security Use Cases covers ArcSight security problem solving methodology within the ESM context. In this course, you will learn advanced techniques to use ArcSight ESM content to find, track and remediate security incidents specifically identified in the course use cases. During the training, you will learn to:

  • Use variables and correlation activities
  • Customize report templates to use dynamic content
  • Customize notification templates to send the appropriate notification based upon specific attributes of an event
Online Training

Duration 5 days

Price (excl. VAT)
  • £ 3,500.-
Classroom Training

Duration 5 days

Price (excl. VAT)
  • United Kingdom: £ 3,500.-


This course is guaranteed to run. Please see our complete terms and conditions for full details of this offer.
Instructor-led Online Training:   This computer icon in the schedule indicates that this date/time will be conducted as Instructor-Led Online Training.
1 hour difference
14/12/2020 ― 18/12/2020 Online Training Time zone: Central European Time (CET) guaranteed date!
15/03/2021 ― 19/03/2021 Online Training Time zone: Central European Time (CET)
24/05/2021 ― 28/05/2021 Online Training Time zone: Central European Summer Time (CEST)