This course focuses on Security Incident and Event Management (SIEM) reporting through the Nitroview/McAfee SIEM module of the Ovation™ Security Center. The class centers on managing and manipulating the preloaded templates and on creating reports with the report building features of the SIEM. Upon completion of the course, students will have a clear understanding of the available templates and be able to add, modify, delete, and export reports. The course duration is two days.
Students should have a good understanding of the overall purpose of Security Incident and Event Management and of the basic terms used within the tool. No Ovation DCS knowledge is required. Recommended prerequisites: OV320 and OV360. Highly recommended: OV365.
Upon successful completion of this course, using the reference material provided, the student will be able to:
• Describe the basic functions of the security incident and event management tool
• Identify the differences between signature and normalized IDs, and how they are important to reporting
• Identify the templates available and how they relate to different regulations and determine the most useful
• Locate where reports are saved
• Demonstrate knowledge of SIEM report building features: