Aruba

AR-AIS

Configuring Aruba IntroSpect

Price:
Duration: 3 Days

Who should attend

Typical candidates for this course are Aruba implementation partners who will be installing IntroSpect into customer networks or customer Administrators and Network Architects who will design and plan and maintain the IntroSpect system.

Prerequisites

There are no certification prerequisites for this course. Participants should understand basic networking technologies and design concepts. Participants should be familiar with the Microsoft domain structure and authentication concepts, as well as a basic knowledge of Aruba ClearPass. It is also recommend that a participant in this class be familiar with the features of the Aruba Mobility Controller and the firewall.

Dates
International dates
 
Europe
 
Date Country Location Language Register
30-09-2020 - 02-10-2020 ES Tres Cantos, Madrid Español Register

Course Description

This course teaches how to plan & implement an enterprise security solution using Aruba IntroSpect. The material covers integrating & monitoring wired & wireless networks into the product. Hands-on labs will lead you through the configuration and integration with ClearPass as well as other network servers. Configuration of log sources to monitor network traffic & authentication. You will get an introductory primer on conducting threat hunting and evaluating the analytics provided by User & Entity Behavior Analytics (UEBA). Aruba’s best practices in establishing a security monitoring infrastructure are presented. Candidates will acquire the skills to assess a company’s security requirements & then design a monitoring solution to meet them. Learn to integrate IntroSpect into campus LAN, WLAN, & multisite environments. Exposures to security analytics on warehouse and IoT networks.
The 3 day course is approximately 55% lecture & 45% hands-on lab exercises. Giving students the skills required to implement IntroSpect.

Course Objectives

After you successfully complete this course, expect to be able to:

• Understand the architecture of the IntroSpect system.
• Determine the appropriate IntroSpect deployment for customer situations.
• Determine the most effective locations to monitor traffic on the network.
• Configure log sources to gather data for analytics.
• Configure IntroSpect Packet Processor to forward log data to the IntroSpect Analyzer.
• Configure effective analytics on the IntroSpect Analyzer.
• Integrate IntroSpect with ClearPass for a complete security solution.
• Review and evaluate user and entity behavior characteristics.
• Identify common indicators of compromise.
• Administer and update the IntroSpect system.

Course Content

  • Security Basics
    • Characteristics of an Attack
    • Indicators of Compromise
    • Cyber Attacks and the Cyber Kill Chain
  • Introduction to IntroSpect
    • IntroSpect Overview
    • Analytics Tools and Dashboards
    • AI and Machine Learning in IntroSpect
  • System Installation
    • IntroSpect Analyzer Configuration
    • IntroSpect Packet Processor Configuration
  • Analyzer Deployment Architecture
    • Fixed Configuration vs Scale-out Deployments
    • Licensing
    • Deployment Scenarios
    • Overview of How IntroSpect Uses Logs and Data
  • Log Sources
    • Introduction to the Log Processing Chain
    • Configuring Log Sources
    • Customizing Log Sources
  • ClearPass Integration
    • IntroSpect as an External Context Server in ClearPass
    • Configuring ClearPass Log Sources in IntroSpect
    • Configuring ClearPass API and Client for IntroSpect
    • Quarantine Users / Entities from IntroSpect
  • Configuring Analytics
    • Introduction to Analytics and the Analyzer Dashboard
    • Entity360
    • Monitoring Strategies
    • Data Validation
  • Alert Investigation
    • Alert Investigation and Baselines
    • Alert Notifications and Chaining Alerts
    • Analyzing Alerts and Conversations
  • Administrative Tasks
    • Software Upgrade
    • IntroSpect Analyzer Health Checks
    • Data Retention Tuning
    • Administrative User Management
    • IntroSpect Analyzer Logs and Tech Support
  • Troubleshooting
    • System Alarms
    • Debugging the ETL Pipeline
    • Evaluating Log Sources and Alerts Errors
Further information

If you would like to know more about this course please contact us