ArcSight is a security information and event management (SIEM) platform, now part of OpenText, that collects, normalizes, and correlates log and event data from across an organization's IT environment to detect, investigate, and respond to security threats in real time. Built around the Enterprise Security Manager (ESM), SmartConnectors, and Logger, it ingests events from networks, endpoints, applications, and cloud services, applies correlation rules to surface multi-stage attacks, and gives analysts the dashboards and investigation tools a modern security operations center depends on. As threats grow more sophisticated and compliance demands tighten, teams that can operate ArcSight turn a flood of raw log data into clear, prioritized, and actionable detections.
As organizations face rising cyber threats and stricter compliance obligations, this program helps your security teams collect, correlate, and investigate events in ArcSight across real enterprise log sources. Empower your people with expert-led on-site, off-site, and virtual sessions delivered by Edstellar, a premier corporate training provider serving organizations worldwide in-person and virtually across popular languages. Fully customized to your goals, the program turns ArcSight skills into lasting capabilities that strengthen detection and response across your SOC, security engineering, and incident response teams.
By the end of the program, your team can deploy and tune SmartConnectors, write correlation rules, investigate incidents, and produce compliance reports in ArcSight with confidence. The result is faster threat detection, shorter investigation times, fewer false positives, and a measurable improvement in the security posture and audit readiness your organization depends on.

- Navigate the ArcSight ESM Console and explain the platform architecture, SmartConnectors, and event data flow.
- Collect and normalize logs from diverse sources using SmartConnectors and the Common Event Format (CEF).
- Build correlation rules, filters, and active channels that detect threats across the environment in real time.
- Investigate security incidents using dashboards, active lists, and the ArcSight Command Center.
- Use ArcSight Logger and Recon to search, retain, and report on event data for compliance.
- Tune detection content, reduce false positives, and run day-to-day SOC operations on ArcSight.
- Getting Started with ArcSight
- The SIEM and SOC landscape, and where ArcSight (OpenText) fits
- ArcSight architecture: ESM, SmartConnectors, Logger, and Command Center
- Core concepts: events, resources, and the Common Event Format (CEF)
- ESM Console navigation, dashboards, and the resource tree
- Deployment options and platform sizing for the enterprise
- Onboarding Your Log Sources
- Installing and configuring SmartConnectors and FlexConnectors
- Collecting logs from network, endpoint, application, and cloud sources
- Event normalization, categorization, and the CEF schema
- Filtering, aggregation, and connector tuning to control event volume
- Validating data flow and monitoring connector health
- Detecting Threats in Real Time
- Active channels, filters, and field-based rules
- Building correlation rules to detect multi-stage attacks
- Active lists, session lists, and variables
- Trends, data monitors, and use-case content packages
- Reducing false positives and tuning detection content
- Investigating and Reporting
- Investigating alerts with the ESM Console and Command Center
- Building dashboards, active channels, and visualizations
- ArcSight Logger for high-speed log search and retention
- ArcSight Recon for log search, threat hunting, and compliance reporting
- Scheduled reports and compliance use cases (PCI DSS, HIPAA, GDPR)
- Running the SOC on ArcSight
- Day-to-day SOC workflows and analyst triage on ArcSight
- Case management and integration with SOAR and ticketing tools
- User and entity behavior analytics with ArcSight Intelligence
- Platform administration: users, roles, and content management
- Best practices and an end-to-end ArcSight detection project
- Security Analysts
- IT Security Professionals
- Security Engineers
- Incident Response Teams
- Network Security Specialists
- IT Operations Teams
- Risk Management Professionals
- Security Architects
- Systems Administrators
- Compliance Officers
- IT Managers
- Network Managers
Participants should be comfortable with core networking and security concepts, such as TCP/IP, common log sources, and how security events flow through an enterprise environment. Some exposure to operating systems (Windows and Linux) and to security operations or system administration is helpful, but no prior ArcSight experience is required to get the most from the ArcSight training course.
64 hours of group training (includes VILT/In-person On-site)
Tailored for SMBs
160 hours of group training (includes VILT/In-person On-site)
Ideal for growing SMBs
Tailor-Made Trainee Licenses with Our Exclusive Training Packages!
400 hours of group training (includes VILT/In-person On-site)
Designed for large corporations
Tailor-Made Trainee Licenses with Our Exclusive Training Packages!
Unlimited duration
Designed for large corporations
Experienced Trainers
Our trainers are drawn from a vetted global network and bring years of industry expertise, keeping every session practical and impactful.
Proven Quality
With a strong global track record, Edstellar is known for quality and engaging delivery.
Industry-Relevant Curriculum
Our programs are built by experts to match the demands of today's industry.
Fully Customizable
Every program can be tailored to your organization's goals.
Comprehensive Support
We provide pre- and post-session support for a complete learning experience.
Global Multi-Location & Multilingual Training Delivery
We deliver in multiple languages to support diverse global teams.
Hear from Organizations We've Trained
Recognition That Motivates Your Team






.webp)
.webp)
.webp)