Plan and implement an enterprise security solution using Aruba IntroSpect.
This course teaches how to plan & implement an enterprise security solution using Aruba IntroSpect. The material covers integrating & monitoring wired & wireless networks into the product. Hands-on labs will lead you through the configuration and integration with ClearPass as well as other network servers. Configuration of log sources to monitor network traffic & authentication. You will get an introductory primer on conducting threat hunting and evaluating the analytics provided by User & Entity Behavior Analytics (UEBA). Aruba’s best practices in establishing a security monitoring infrastructure are presented. Candidates will acquire the skills to assess a company’s security requirements & then design a monitoring solution to meet them. Learn to integrate IntroSpect into campus LAN, WLAN, & multi-site environments. Exposures to security analytics on warehouse and IoT networks.
The 3 day course is approximately 55% lecture & 45% hands-on lab exercises. Giving students the skills required to implement IntroSpect.
HPE Product Certified - Aruba IntroSpect Specialist
There are no certification prerequisites for this course. Participants should understand basic networking technologies and design concepts. Participants should be familiar with the Microsoft domain structure and authentication concepts, as well as a basic knowledge of Aruba ClearPass. It is also recommend that a participant in this class be familiar with the features of the Aruba Mobility Controller and the firewall.
Typical candidates for this course are Aruba implementation partners who will be installing IntroSpect into customer networks or customer Administrators and Network Architects who will design and plan and maintain the IntroSpect system.
- Characteristics of an Attack
- Indicators of Compromise
- Cyber Attacks and the Cyber Kill Chain
Introduction to IntroSpect
- IntroSpect Overview
- Analytics Tools and Dashboards
- AI and Machine Learning in IntroSpect
- IntroSpect Analyzer Configuration
- IntroSpect Packet Processor Configuration
Analyzer Deployment Architecture
- Fixed Configuration vs Scale-out Deployments
- Deployment Scenarios
- Overview of How IntroSpect Uses Logs and Data
- Introduction to the Log Processing Chain
- Configuring Log Sources
- Customizing Log Sources
- IntroSpect as an External Context Server in ClearPass
- Configuring ClearPass Log Sources in IntroSpect
- Configuring ClearPass API and Client for IntroSpect
- Quarantine Users / Entities from IntroSpect
- Introduction to Analytics and the Analyzer Dashboard
- Monitoring Strategies
- Data Validation
- Alert Investigation and Baselines
- Alert Notifications and Chaining Alerts
- Analyzing Alerts and Conversations
- Software Upgrade
- IntroSpect Analyzer Health Checks
- Data Retention Tuning
- Administrative User Management
- IntroSpect Analyzer Logs and Tech Support
- System Alarms
- Debugging the ETL Pipeline
- Evaluating Log Sources and Alerts Errors
The price for this course excludes any costs for taking an exam. If an exam voucher is taken after the training, an additional invoice will be sent.