Configuring Aruba IntroSpect

Seminar-ID: AIS

Seminar content

This course teaches how to plan & implement an enterprise security solution using Aruba IntroSpect. The material covers integrating wired & wireless networks into the product & monitoring them. Hands-on labs will lead you through the configuration and integration with ClearPass as well as other network servers. The course also covers the configuration of log sources to monitor network traffic & authentication. You will get an introductory primer on conducting threat hunting and evaluating the analytics provided by User & Entity Behavior Analytics (UEBA). Aruba’s best practices in establishing a security monitoring infrastructure are presented. Candidates will acquire the skills to assess a company’s security requirements & then design a monitoring solution to meet them. You will learn to integrate IntroSpect into campus LAN, WLAN, & multisite environments and gain exposure to security analytics on warehouse and IoT networks.
The 3-day course is approximately 55% lecture & 45% hands-on lab exercises, giving students the skills required to implement IntroSpect.


After you successfully complete this course, expect to be able to:
  •  Understand the architecture of the IntroSpect system.
  •  Determine the appropriate IntroSpect deployment for customer situations.
  •  Determine the most effective locations to monitor traffic on the network.
  •  Configure log sources to gather data for analytics.
  •  Configure IntroSpect Packet Processor to forward log data to the IntroSpect Analyzer.
  •  Configure effective analytics on the IntroSpect Analyzer.
  •  Integrate IntroSpect with ClearPass for a complete security solution.
  •  Review and evaluate user and entity behavior characteristics.
  •  Identify common indicators of compromise.
  •  Administer and update the IntroSpect system.

Target groups

Ideal candidate for this course:
Typical candidates for this course are Aruba implementation partners who will be installing IntroSpect into customer networks, or customer administrators and network architects who will design, plan and maintain the IntroSpect system.

    Prior knowledge

    The following knowledge is recommended for this seminar:
    There are no certification prerequisites for this course. Participants should understand basic networking technologies and design concepts. Participants should be familiar with the Microsoft domain structure and authentication concepts, and have a basic knowledge of Aruba ClearPass. It is also recommended that participants in this class be familiar with the features of the Aruba Mobility Controller and the firewall.

    Detailed content

    Security Basics
    • Characteristics of an Attack
    • Indicators of Compromise
    • Cyber Attacks and the Cyber Kill Chain

    Introduction to IntroSpect
    • IntroSpect Overview
    • Analytics Tools and Dashboards
    • AI and Machine Learning in IntroSpect

    System Installation
    • IntroSpect Analyzer Configuration
    • IntroSpect Packet Processor Configuration

    Analyzer Deployment Architecture
    • Fixed Configuration vs Scale-out Deployments
    • Licensing
    • Deployment Scenarios
    • Overview of How IntroSpect Uses Logs and Data

    Log Sources
    • Introduction to the Log Processing Chain
    • Configuring Log Sources
    • Customizing Log Sources

    ClearPass Integration
    • IntroSpect as an External Context Server in ClearPass
    • Configuring ClearPass Log Sources in IntroSpect
    • Configuring ClearPass API and Client for IntroSpect
    • Quarantine Users / Entities from IntroSpect

    Configuring Analytics
    • Introduction to Analytics and the Analyzer Dashboard
    • Entity360
    • Monitoring Strategies
    • Data Validation

    Alert Investigation
    • Alert Investigation and Baselines
    • Alert Notifications and Chaining Alerts
    • Analyzing Alerts and Conversations

    Administrative Tasks
    • Software Upgrade
    • IntroSpect Analyzer Health Checks
    • Data Retention Tuning
    • Administrative User Management
    • IntroSpect Analyzer Logs and Tech Support

    Troubleshooting
    • System Alarms
    • Debugging the ETL Pipeline
    • Evaluating Log Sources and Alerts Errors

    Book now!

    • 23.05.-25.05.2022, 3 days, Wien
      Course language - English
      • Classroom Training 2.500,-
        • Your seminar
        • Seminar documents, teamwork, labs
        • Food & drinks on site
        • Seminar services
    • 07.11.-09.11.2022, 3 days, Wien
      Course language - English
      • Classroom Training 2.500,-
        • Your seminar
        • Seminar documents, teamwork, labs
        • Food & drinks on site
        • Seminar services
