España, Madrid
+34 912 193 768
Tres Cantos Madrid, Spain

Configuring Aruba IntroSpect

Curso: Aruba
Curso -ID: AIS

Typical candidates for this course are Aruba implementation partners who will be installing IntroSpect into customer networks or customer Administrators and Network Architects who will design and plan and maintain the IntroSpect system.

The following knowledge is recommended for this seminar:
There are no certification prerequisites for this course. Participants should understand basic networking technologies and design concepts. Participants should be familiar with the Microsoft domain structure and authentication concepts, as well as a basic knowledge of Aruba ClearPass.  It is also recommend that a participant in this class be familiar with the features of the Aruba Mobility Controller and the firewall.

This course teaches how to plan & implement an enterprise security solution using Aruba IntroSpect. The material covers integrating & monitoring wired & wireless networks into the product. Hands-on labs will lead you through the configuration and integration with ClearPass as well as other network servers. Configuration of log sources to monitor network traffic & authentication. You will get an introductory primer on conducting threat hunting and evaluating the analytics provided by User & Entity Behavior Analytics (UEBA). Aruba’s best practices in establishing a security monitoring infrastructure are presented. Candidates will acquire the skills to assess a company’s security requirements & then design a monitoring solution to meet them. Learn to integrate IntroSpect into campus LAN, WLAN, & multisite environments. Exposures to security analytics on warehouse and IoT networks.
The 3 day course is approximately 55% lecture & 45% hands-on lab exercises. Giving students the skills required to implement IntroSpect.

After you successfully complete this course, expect to be able to:

  •  Understand the architecture of the IntroSpect system.
  •  Determine the appropriate IntroSpect deployment for customer situations.
  •  Determine the most effective locations to monitor traffic on the network.
  •  Configure log sources to gather data for analytics.
  •  Configure IntroSpect Packet Processor to forward log data to the IntroSpect Analyzer.
  •  Configure effective analytics on the IntroSpect Analyzer.
  •  Integrate IntroSpect with ClearPass for a complete security solution.
  •  Review and evaluate user and entity behavior characteristics.
  •  Identify common indicators of compromise.
  •  Administer and update the IntroSpect system

Detailed content

Security Basics

  • Characteristics of an Attack
  • Indicators of Compromise
  • Cyber Attacks and the Cyber Kill Chain

Introduction to IntroSpect

  • IntroSpect Overview
  • Analytics Tools and Dashboards
  • AI and Machine Learning in IntroSpect

System Installation

  • IntroSpect Analyzer Configuration
  • IntroSpect Packet Processor Configuration

Analyzer Deployment Architecture

  • Fixed Configuration vs Scale-out Deployments
  • Licensing
  • Deployment Scenarios
  • Overview of How IntroSpect Uses Logs and Data

Log Sources

  • Introduction to the Log Processing Chain
  • Configuring Log Sources
  • Customizing Log Sources

ClearPass Integration

  • IntroSpect as an External Context Server in ClearPass
  • Configuring ClearPass Log Sources in IntroSpect
  • Configuring ClearPass API and Client for IntroSpect
  • Quarantine Users / Entities from IntroSpect

Configuring Analytics

  • Introduction to Analytics and the Analyzer Dashboard
  • Entity360
  • Monitoring Strategies
  • Data Validation

Alert Investigation

  • Alert Investigation and Baselines
  • Alert Notifications and Chaining Alerts
  • Analyzing Alerts and Conversations

Administrative Tasks

  • Software Upgrade
  • IntroSpect Analyzer Health Checks
  • Data Retention Tuning
  • Administrative User Management
  • IntroSpect Analyzer Logs and Tech Support


  • System Alarms
  • Debugging the ETL Pipeline
  • Evaluating Log Sources and Alerts Errors
¡Reservar ahora!

¿Tiene usted alguna pregunta?

Seminarios similares

Implementing and Operating Cisco Collaboration Core Technologies

Developing Solutions Using Cisco IoT and Edge Platform

Implementing Cisco Quality of Service

Introducing Automation for Cisco Solutions

Arista Cloud Engineer Level 1 - Cloud Novice

Arista Cloud Engineer Level 2 - Cloud Associate