Configuring Security Threat Response Manager (CSTRM)


    3-day course
    Network Security

    Overview

    This three-day course discusses the configuration of Juniper Networks JSA Series Secure Analytics (formerly known as Security Threat Response Manager [STRM]) in a typical network environment. Key topics include deploying an STRM device in the network, configuring flows, running reports, and troubleshooting. Through demonstrations and hands-on labs, students will gain experience in configuring, testing, and troubleshooting the STRM device. This course uses the STRMV virtual appliance for the hands-on component. This course is based on STRM software 2012.1R1.

    Objectives

    After successfully completing this course, you should be able to:

    • Describe the STRM system and its basic functionality;
    • Describe the hardware used with the STRM system;
    • Identify the technology behind the STRM system;
    • Identify the STRM system’s primary design divisions: display versus detection, and events versus traffic;
    • Plan and prepare for a new installation;
    • Access the administration console;
    • Configure the network hierarchy;
    • Configure the automatic update process;
    • Access the Deployment Editor;
    • Describe the STRM system’s internal processes;
    • Describe event and flow source configuration;
    • List key features of the STRM architecture;
    • Describe the STRM system’s processing logic;
    • Interpret the correlation of flow and event data;
    • List the architectural component that provides each key function;
    • Describe Events and explain where they come from;
    • Access the Log Activity interface;
    • Execute Event searches;
    • Describe flows and their origin;
    • Configure the Network Activity interface;
    • Execute Flow searches;
    • Specify the STRM system’s Asset Management and Vulnerability Assessment functionality;
    • Access the Assets interface;
    • View Asset Profile data;
    • View Server Discovery;
    • Access the Vulnerability Assessment Scan Manager to produce vulnerability assessments (VAs);
    • Access vulnerability scanner configuration;
    • View vulnerability profiles;
    • Describe rules;
    • Configure rules;
    • Configure Building Blocks (BBs);
    • Explain how rules and flows work together;
    • Access the Offense Manager interface;
    • Understand Offense types;
    • Configure Offense actions;
    • Navigate the Offense interface;
    • Explain the Offense summary screen;
    • Search Offenses;
    • Use the STRM system’s Reporting functionality to produce graphs and reports;
    • Navigate the Reporting interface;
    • Configure Report Groups;
    • Demonstrate Report Branding;
    • View Report formats;
    • Identify the basic information on maintaining and troubleshooting the STRM system;
    • Navigate the STRM dashboard;
    • List flow and event troubleshooting steps;
    • Access the Event Mapping tool;
    • Configure Event Collection for Junos devices;
    • Configure Flow Collection for Junos devices; and
    • Explain High Availability (HA) functionality on an STRM device.

    Contents

    Day 1

    Chapter 1: Course Introduction

    Chapter 2: Product Overview

    • Overview of the STRM Series Device
    • Hardware
    • Collection
    • Operational Flow

    Chapter 3: Initial Configuration

    • A New Installation
    • Administration Console
    • Platform Configuration
    • Deployment Editor
    • Lab 1: Initial Configuration

    Chapter 4: Architecture

    • Processing Log Activity
    • Processing Network Activity
    • STRM Deployment Options

    Chapter 5: Log Activity

    • Log Activity Overview
    • Configuring Log Activity
    • Lab 2: Log Activity

    Day 2

    Chapter 6: Network Activity

    • Network Activity Overview
    • Configuring Network Activity
    • Lab 3: Network Activity

    Chapter 7: Assets and Vulnerability Assessment

    • Asset Interface
    • Vulnerability Assessment
    • Vulnerability Scanners
    • Lab 4: Assets and Vulnerability Assessment

    Chapter 8: Rules

    • Rules
    • Configure Rules and Building Blocks
    • Lab 5: Rules

    Chapter 9: Offense Manager

    • Offense Manager
    • Offense Manager Configuration
    • Offense Investigation
    • Lab 6: Configure the Offense Manager

    Day 3

    Chapter 10: Reporting

    • Reporting Functionality
    • Reporting Interface
    • Lab 7: Reports

    Chapter 11: Basic Tuning and Troubleshooting

    • Basic Tuning
    • Troubleshooting

    Chapter 12: Configuring Junos Devices for Use with STRM

    • Collecting Junos Events
    • Collecting Junos Flows
    • Lab 8: Configuring Junos Devices for STRM

    Appendix A: High Availability

    • High Availability
    • Configuring High Availability

    Target Audience

    This course is intended for network engineers, support personnel, reseller support, and anyone responsible for implementing the STRM system.

    Prerequisites

    This course assumes that students have basic networking knowledge and experience in the following areas:

    • Understanding of TCP/IP operation;
    • Understanding of network security concepts; and
    • Experience in network security administration.

    Upcoming Dates

    • Nov 20 - Nov 22, 2017: Espoo
    • Feb 20 - Feb 22, 2018: Espoo
    • May 23 - May 25, 2018: Espoo
    • Aug 22 - Aug 24, 2018: Espoo
    • Nov 21 - Nov 23, 2018: Espoo