Course ID: 01121644
Course format, typical duration (select one):
ILT - Instructor Led, 3 days
VILT - Virtual Instructor Led, 3 days
Skill level: Foundational
Delivery languages: English
Lab required: No

Course description

This course teaches how to plan and implement an enterprise security solution using Aruba IntroSpect. The material covers integrating wired and wireless networks into the product and monitoring them. Hands-on labs lead you through configuration and integration with ClearPass and other network servers, and through configuring log sources to monitor network traffic and authentication. You will get an introductory primer on conducting threat hunting and evaluating the analytics provided by User and Entity Behavior Analytics (UEBA). Aruba's best practices for establishing a security monitoring infrastructure are presented. Candidates will acquire the skills to assess a company's security requirements and then design a monitoring solution to meet them. You will learn to integrate IntroSpect into campus LAN, WLAN, and multi-site environments, and will be exposed to security analytics on warehouse and IoT networks.

The 3-day course is approximately 55% lecture and 45% hands-on lab exercises, giving students the skills required to implement IntroSpect.

Ideal candidate for this course

Typical candidates for this course are Aruba implementation partners who will be installing IntroSpect into customer networks, or customer administrators and network architects who will design, plan, and maintain the IntroSpect system.

Suggested prerequisites

There are no certification prerequisites for this course. Participants should understand basic networking technologies and design concepts. Participants should be familiar with the Microsoft domain structure and authentication concepts, and have a basic knowledge of Aruba ClearPass. It is also recommended that participants in this class be familiar with the features of the Aruba Mobility Controller and the firewall.


  • Security Basics
    • Characteristics of an Attack
    • Indicators of Compromise
    • Cyber Attacks and the Cyber Kill Chain
  • Introduction to IntroSpect
    • IntroSpect Overview
    • Analytics Tools and Dashboards
    • AI and Machine Learning in IntroSpect
  • System Installation
    • IntroSpect Analyzer Configuration
    • IntroSpect Packet Processor Configuration
  • Analyzer Deployment Architecture
    • Fixed Configuration vs Scale-out Deployments
    • Licensing
    • Deployment Scenarios
    • Overview of How IntroSpect Uses Logs and Data
  • Log Sources
    • Introduction to the Log Processing Chain
    • Configuring Log Sources
    • Customizing Log Sources
  • ClearPass Integration
    • IntroSpect as an External Context Server in ClearPass
    • Configuring ClearPass Log Sources in IntroSpect
    • Configuring ClearPass API and Client for IntroSpect
    • Quarantine Users / Entities from IntroSpect
  • Configuring Analytics
    • Introduction to Analytics and the Analyzer Dashboard
    • Entity360
    • Monitoring Strategies
    • Data Validation
  • Alert Investigation
    • Alert Investigation and Baselines
    • Alert Notifications and Chaining Alerts
    • Analyzing Alerts and Conversations
  • Administrative Tasks
    • Software Upgrade
    • IntroSpect Analyzer Health Checks
    • Data Retention Tuning
    • Administrative User Management
    • IntroSpect Analyzer Logs and Tech Support
  • Troubleshooting
    • System Alarms
    • Debugging the ETL Pipeline
    • Evaluating Log Sources and Alerts Errors


After you successfully complete this course, expect to be able to:
• Understand the architecture of the IntroSpect system.
• Determine the appropriate IntroSpect deployment for customer situations.
• Determine the most effective locations to monitor traffic on the network.
• Configure log sources to gather data for analytics.
• Configure IntroSpect Packet Processor to forward log data to the IntroSpect Analyzer.
• Configure effective analytics on the IntroSpect Analyzer.
• Integrate IntroSpect with ClearPass for a complete security solution.
• Review and evaluate user and entity behavior characteristics.
• Identify common indicators of compromise.
• Administer and update the IntroSpect system.

How to register

View the Certification and Learning Global Training Calendar to register for the training offerings that best meet your needs.

Policies, fees and cancellations

Course fees may vary. Fees are established and collected by the training center that delivers the course. Cancellation fees may apply. Contact your HPE Authorized Training Partner for their respective policies.