• LevelBlue Learning helps you increase your knowledge of LevelBlue products and services, increase your breadth and depth of cybersecurity knowledge and skills, and be vigilant against and mitigate the latest cybersecurity threats.

      LevelBlue Learning includes courses for beginners who are new to cybersecurity, as well as more advanced courses for engineers and security analysts who have worked in the industry for years.

    • If you would like access to our full library please share your details with us and we'd be delighted to get in touch with you. 


Available courses

This course walks students through the initial configuration of USM Anywhere, including setting up asset discovery, scanning, log collection, events, alarms, and rules.

Audience: IT professionals who will be installing, configuring, and using USM Anywhere

Modules

  • Introduction
  • Deployment
  • Log Collection
  • Organizing Assets and Asset Groups
  • Creating Views and Reports
  • Vulnerability Scans
  • Investigate and Remediate Vulnerabilities
  • Events and Alarms
  • Using Sensor Apps and BlueApps
  • Implementing Rules
  • Implementing Advanced Rules
  • Reviewing and Managing your Subscription
  • Compliance and Reporting
  • Additional Features

Course Duration: 2.5 hours

The USM Anywhere™: Security Analysis (ANYSA) course provides security analysts with the knowledge and tools to fully leverage USM Anywhere to perform analyst duties. Students benefit from instructor lectures and product demonstrations. This comprehensive course ensures that you can use all of USM Anywhere’s functions and features to detect and respond to security incidents and determine the extent of a compromise.

Audience: Security analysts and IT professionals who work with USM Anywhere

Modules

  • Introduction
  • Preparation
  • Tuning
  • Threat Intelligence
  • Detection & Evaluation
  • Containment & Response
  • Recovery
  • Root Cause Analysis
  • Conclusion

Course Duration: 3 hours

This course will provide you with some key information to be aware of before setting up USM Anywhere and provide details about sensor deployment.

Audience: System administrators preparing to deploy USM Anywhere

Recommended Prerequisites: Introduction to USM Anywhere

Topics:

  • Sensor Overview
  • Preinstall Checklist
  • Common Sensor Functionality
  • VMware Sensor
  • Microsoft Hyper-V Sensor
  • Amazon Web Services Sensor
  • Microsoft Azure Sensor
  • Initial Deployment Workflow
  • Sensor Setup Wizard
  • Connecting Additional Sensors

Course Duration: 35 Minutes

This course demonstrates how to replace an existing sensor with a newly deployed one. You will see the procedure to ensure that all assets, jobs, events and so on that were associated with the old sensor are retained and linked to its replacement.

Audience: USM Anywhere System Administrators

Recommended Prerequisites:

  • Course: Introduction to USM Anywhere
  • Course: Setting up USM Anywhere

Course Duration: 3 Minutes

This course demonstrates the initial deployment and configuration of a GCP sensor. It also demonstrates the sensor activation through the web UI.

Audience: USM Anywhere System Administrators

Course Duration: 7 Minutes

This course demonstrates the initial deployment and configuration of a HyperV sensor. It also demonstrates the sensor activation through the web UI.

Audience: USM Anywhere System Administrators

Course Duration: 6 Minutes

This course demonstrates the initial deployment and configuration of an Azure sensor. It also demonstrates the sensor activation through the web UI.

Audience: USM Anywhere System Administrators

Course Duration: 9 Minutes

In this course we will walk through the AWS sensor deployment and review the contents of the CloudFormation template structure.

Audience: USM Anywhere System Administrators

Course Duration: 30 Minutes

This course demonstrates the initial deployment and configuration of a VMware sensor. It also demonstrates the sensor activation through the web UI.

Audience: USM Anywhere System Administrators

Course Duration: 5 Minutes

This course will teach you how Event correlation works in USM Anywhere. It will help you to understand how a Rule uses correlation to evaluate Events and help you write better Orchestration Rules in USM Anywhere.

After completing this course, students will understand how Event correlation works in USM Anywhere. Students will see how multiple Events are tracked and evaluated in USM Anywhere and correlated to trigger Alarm rules.

Audience: USM Anywhere System Administrators

Recommended Prerequisites: USM Anywhere™: Deploy, Configure, Manage (ANYDC)

Topics

  • Rule Processing Order
  • Basic Event Correlation
  • Correlation of multiple events with Mute
  • Correlation with Assign or Equal
  • Complex Correlation

Course Duration: 30 Minutes

This course will teach you about rules in USM Anywhere and how they can be created in line with best practice so that they perform as efficiently as possible and avoid errors.

After completing this course, students will understand how rules are structured and the best practice you should follow when creating rules. You will also understand how to review rule history, statistics, and errors and how to address issues seen therein.

Audience: USM Anywhere System Administrators

Recommended Prerequisites: USM Anywhere™: Deploy, Configure, Manage (ANYDC)

Topics

  • Module 1: Operators Overview
  • Module 2: Rules Best Practice
  • Module 3: USM Anywhere Rules Status and Performance

Course Duration: 45 Minutes

This course teaches how to install, configure and troubleshoot NXLog on Windows.

Audience: USM Anywhere System Administrators

Topics

  • Module 1: Introduction and Overview
  • Module 2: Install, Configure, and Troubleshoot
  • Module 3: Forwarding Extra Logs
  • Module 4: Filtering Logs with PatternDB

Course Duration: 35 minutes

This course demonstrates how to configure your Azure environment to collect and forward logs to a USM Anywhere sensor using the Azure Agent and Web Application logging.

Audience: USM Anywhere System Administrators

Recommended Prerequisites:

  • Course: Introduction to USM Anywhere
  • Course: Setting up USM Anywhere

Topics

  • Module 1: Configuring Azure Sensor Credentials
  • Module 2: Configuring Azure Agent Logging (Windows)
  • Module 3: Configuring Azure Web App Logging

Course Duration: 32 minutes

This course demonstrates how to configure your AWS environment to collect and forward logs to a USM Anywhere sensor using AWS CloudTrail, AWS VPC Flow Logs, and the AWS CloudWatch agent.

Audience: USM Anywhere System Administrators

Recommended Prerequisites:

  • Course: Introduction to USM Anywhere
  • Course: Setting up USM Anywhere

Topics

  • Module 1: Configuring CloudTrail
  • Module 2: Configuring VPC Flow Logs
  • Module 3: Configuring CloudWatch Agent

Course Duration: 30 minutes

This course introduces you to the AlienVault Agent. The AlienVault Agent extends the Endpoint Threat Detection and Response (EDR) capabilities of AlienVault® USM Anywhere™. It includes host-based threat detection, file integrity monitoring, Windows log collection and response actions, all without a sensor. Each agent will talk directly to AlienVault® USM Anywhere™. This makes the agent particularly useful for monitoring remote assets.

Audience: USM Anywhere System Administrators

Recommended Prerequisites:

  • Course: Introduction to USM Anywhere
  • Course: Setting up USM Anywhere

Course Duration: 15 Minutes

This course demonstrates how to configure your Microsoft Windows Server 2008 (or newer) to forward logs to a sensor using Windows Event Forwarding. You will see how to install the required certificate on your system and how the group policy can be updated to forward the events.

Audience: USM Anywhere System Administrators

Recommended Prerequisites:

  • Course: Introduction to USM Anywhere
  • Course: Setting up USM Anywhere

Course Duration: 4 Minutes

This course demonstrates how to configure your Microsoft HyperV server to forward both physical and virtual network traffic to your HyperV Sensor for monitoring.

Audience: USM Anywhere System Administrators

Course Duration: 4 Minutes

This course demonstrates how to configure your VMware ESX server to forward both physical and virtual network traffic to your VMware Sensor for monitoring.

Audience: USM Anywhere System Administrators

Recommended Prerequisites:

  • Course: Introduction to USM Anywhere
  • Course: Setting up USM Anywhere

Course Duration: 7 Minutes

This course provides a general overview of the USM Anywhere product and the functionality it provides to the user.

Audience: For anyone interested in USM Anywhere.

Course Duration: 25 minutes

This course introduces you to Sensor Apps and BlueApps in USM Anywhere. We define the differences between the two app types, showing the actions that can be leveraged and how these actions can be invoked through use cases for each type. Finally, we provide a demonstration of the Sensor Apps and BlueApps UI.

Audience: USM Anywhere System Administrators

Recommended Prerequisites:

  • Course: Introduction to USM Anywhere
  • Course: Setting up USM Anywhere

Course Duration: 27 Minutes

This course will provide an overview of some of the Advanced BlueApps currently provided on the USM Anywhere platform.

Audience: USM Anywhere System Administrators

Recommended Prerequisites:

  • Course: Introduction to USM Anywhere
  • Course: Setting up USM Anywhere

Topics:

  • Introduction
  • Cisco Umbrella BlueApp
  • Jira BlueApp
  • G Suite BlueApp
  • Office 365 BlueApp

This course should take approximately 31 minutes to complete.

This course demonstrates how to configure Multi-Factor Authentication for USM Anywhere user accounts.

Audience: USM Anywhere System Administrators

Recommended Prerequisites:

  • Course: Introduction to USM Anywhere
  • Course: Setting up USM Anywhere

Course Duration: 5 Minutes

This course provides a high-level introduction to threat hunting and associated concepts.

Audience: This material is targeted at cybersecurity professionals and IT professionals who wish to get an introduction to threat hunting concepts

Topics:

  • Overview of Threat Hunting concepts
  • Configuring USM Anywhere Event Filters for productive threat hunting
  • Demonstration of how to conduct a threat hunt using USM Anywhere

Course Duration: 1 Hour

This course introduces the SentinelOne® Management Console to students and shows all the functionality available to detect and protect against attacks on endpoints where the SentinelOne® Agent is installed.

Audience

  • Endpoint Security with SentinelOne® Customers
  • SentinelOne® Customers

Modules

  • Introduction and Course Overview
  • Technology Overview
  • SentinelOne Agent
  • Threat Detection
  • Tuning
  • API Integration
  • Conclusion

Course Duration: 100 minutes

This course will be updated regularly with threat intelligence news and noteworthy items to help prevent and fight cybersecurity threats targeting your organization.

Audience: This material is targeted at cybersecurity professionals and IT professionals who wish to keep current on all the latest threats.

Are you just starting out with IT Security, trying to become familiar with some of the core terms? Well, if the concepts and terminology surrounding security are “alien” to you, this course may help provide some of the information you need.

This material is not a replacement for a full Information Security course and is provided as a value add to students that have an IT background but may not be familiar with IT Security.

Audience: Everyone

Topics:

  • Look at the reasons attackers attempt to exploit networks and systems.
  • Review some of the most common system vulnerabilities.
  • Examine the methods by which attacks are delivered.
  • Consider attack types and how they are implemented at a high level.

Course Duration: 65 Minutes

This course will focus on effectively managing the security and compliance of public cloud deployments.

Audience: Anyone who works in an organization responsible for deploying and maintaining cloud environments.

Topics

  • Real World Risks
  • Cloud Security Basics

Course Duration: 10 Minutes

This course reviews how a ransomware attack can happen, what to be aware of and how to prepare so you are ready in the event of an attack.

Audience: Anyone interested in how ransomware attacks occur in an organization

Topics

  • How Threat Actors target organizations.
  • How a foothold is gained and data is exfiltrated.
  • Steps to follow in the event of a ransomware attack.
  • How to be prepared for a ransomware attack.

Course Duration: 40 Minutes

This course provides an overview of the USM Appliance product and its architecture. Students will learn the basics of how to configure the product, including how to manage assets, perform vulnerability scans and understand data sources.

Students benefit from instructor lectures and product demonstrations. This course covers Modules 0-5 of the live online version of AUSE.

Audience

  • Security Engineers
  • Security Analysts
  • IT Professionals who implement, operate or support security systems
  • Security professionals working at resellers or partners

Modules

  • USM Appliance Overview
  • Initial Configuration
  • Asset Management
  • Data Sources
  • Vulnerability Scanning

Course Duration: 3 hours 50 minutes

This course describes how to search and filter for alarms, events and logs within the USM Appliance product. Students benefit from instructor lectures and product demonstrations.

This course covers Modules 6-8 of the live online version of AUSE.

Audience

  • Security Engineers
  • Security Analysts
  • IT Professionals who implement, operate or support security systems
  • Security professionals working at resellers or partners

Modules

  • Alarms, Events, Directives and Logs
  • Policies and Actions
  • Writing Directives

Course Duration: 3 hours 5 minutes

This course describes how to implement threat detection using Host Based Intrusion Detection (HIDS) and Network Based Intrusion Detection (NIDS). Students benefit from instructor lectures and product demonstrations.

This course covers Modules 9-10 of the live online version of AUSE.

Audience

  • Security Engineers
  • Security Analysts
  • IT Professionals who implement, operate or support security systems
  • Security professionals working at resellers or partners

Modules

  • Threat Detection - NIDS and HIDS
  • Netflow
  • Availability Monitoring

Course Duration: 1 hour 15 minutes

This course describes Open Threat Exchange (OTX) and how to perform security analysis within the USM Appliance product. Students benefit from instructor lectures and product demonstrations.

This course covers Modules 11-13 of the live online version of AUSE.

Audience

  • Security Engineers
  • Security Analysts
  • IT Professionals who implement, operate or support security systems
  • Security professionals working at resellers or partners

Modules

  • Open Threat Exchange (OTX)
  • Security Analysis
  • Reports

Course Duration: 33 minutes

This course describes the USM Appliance deployment options and covers system maintenance. Students will learn how to manage users and create custom plugins. Students benefit from instructor lectures and product demonstrations.

This course covers Modules 14-17 of the live online version of AUSE.

Audience

  • Security Engineers
  • Security Analysts
  • IT Professionals who implement, operate or support security systems
  • Security professionals working at resellers or partners

Modules

  • Deployment
  • System Maintenance
  • User Management
  • Plugins

Course Duration: 45 minutes

This course reviews how to troubleshoot common configuration problems within the USM Appliance product. Students benefit from instructor lectures and product demonstrations.

This course covers Modules 18-19 of the live online version of AUSE.

Audience

  • Security Engineers
  • Security Analysts
  • IT Professionals who implement, operate or support security systems
  • Security professionals working at resellers or partners

Modules

  • Troubleshooting

Course Duration: 21 minutes