8/12/2019 FlexConnector ILT Outline
1/2
ArcSight FlexConnector Train ingWorkshop Course Description
ArcSight FlexConnector Configuration Training will provide you
with an overview of ArcSightconnectors and explain the ESM Schema.
Additionally attendees will learn how to configure theflex
connector configuration files and understand the various parsing
methods available includingreal examples from standard connectors.
Parsing methods covered will include Fixed delimited,
Regular Expressions, Database, and SNMP. Advanced configuration
options such as multi-lineREGEX, parser linking and conditional
mapping will also be covered. You should have a goodunderstanding
of Regular Expressions to attend this course.
Introductions(30 Minutes)(Instructor Lead Presentation)
Lesson IIntroduction to ArcSight Connectors(Instructor Lead
Presentation)
o What is an Arcsight SmartConnector?o SmartConnector
Architectureo
What is an Arcsight FlexConnector? Types of FlexConnectorso
Connector Installation
Common Installation Steps Common Configuration Tasks Selecting
Connector Type
o ArcSight Schema Schema Groupings
Lesson IICreating the FlexConnector Configuration
File(Instructor Lead Presentation and Hands On Activity)
o Configuration File Locationso Parser Configurationo Declaring
Tokenso Event Mappingo Severity Mappingo Double Underscore
Operatorso FlexConnector Wizard
Lesson IIIRegular Expressions (REGEX) FlexConnectors(Instructor
Lead Presentation and Hands On Activity)
o REGEX Configuration Testero Regex Configuration File
Common Regex Subparser Regex
