Overview
This course provides an understanding of the process for adding event sources to RSA enVision, including how enVision collects data and how messages are parsed. Students will learn how to create and deploy event source support files for unknown devices using the EventSource Integrator (ESI) tool, thereby extending the compliance and security capabilities provided by enVision. This class is lab-intensive: more time will be spent working on exercises than in lectures.
Prerequisites
A functional knowledge of computer operations and networking fundamentals. Attendance in the RSA enVision Administration course.
Next course date
Dates available on request. Please contact us.
More information
RSA enVision administrators and system developers who want the capability to administer new device support on their timeframe. This class will also benefit anyone who requires a stronger understanding of enVision's database tables and fields.
- Deploy and test the support files
- Create support files for an unknown event source using the EventSource Integrator (ESI) tool
- Describe how enVision interprets logs and how messages are parsed
- Extract events from an unknown event source
- Identify collection methods for different types of logs
- Describe the event source integration process
- Advanced Topics, such as Functions, Conditional Variables and Value Maps
- Testing the event source integration
- Creating and deploying support files using the EventSource Integrator
- How enVision interprets logs – how messages are parsed
- Log collection methods and formats
- Principles of logging