LevelBlue Cybersecurity Training

Get expert instruction & hands-on practice with Unified Security Management.

GETTING STARTED:
MODULE 1: DEPLOYING A LEVELBLUE USM ANYWHERE SENSOR
MODULE 2: NIDS AND LOG COLLECTION

Launchpad for LevelBlue USM Anywhere

GETTING STARTED

This self-paced course is designed to help security engineers, analysts, and project team members quickly get up to speed with LevelBlue USM Anywhere. You'll gain a comprehensive overview of deploying a LevelBlue USM Anywhere Sensor, and configuring NIDS and setting up log collection, empowering you to start using LevelBlue USM. If you like these videos visit LevelBlue Learning for more.

MODULE 1: DEPLOYING A LEVELBLUE USM ANYWHERE SENSOR

AWS Sensor Deployment Demo

This video demonstrates the initial deployment and configuration of an AWS sensor. It also demonstrates the sensor activation through the web UI. If you want to learn more about AWS sensor deployment, comprehensive documentation can be found on the AWS Sensor Deployment page.

Azure Sensor Deployment Demo

This video demonstrates the initial deployment and configuration of an Azure sensor. It also demonstrates the sensor activation through the web UI. If you want to learn more about Azure sensor deployment, comprehensive documentation can be found on the Azure Sensor Deployment page.

VMware Sensor Deployment Demo

This video demonstrates the initial deployment and configuration of a VMware sensor. It also demonstrates the sensor activation through the web UI. If you want to learn more about VMware sensor, comprehensive documentation can be found on the VMware Sensor Deployment page.

Hyper-V Sensor Deployment Demo

This video demonstrates the initial deployment and configuration of a Hyper-V sensor. It also demonstrates the sensor activation through the web UI. If you want to learn more about Hyper-V sensor deployment, comprehensive documentation can be found on the Hyper-V Sensor Deployment page.

GCP Sensor Deployment Demo

This video demonstrates the initial deployment and configuration of a Google Cloud Platform sensor. It also demonstrates the sensor activation through the web UI. If you want to learn more about GCP sensor deployment, comprehensive documentation can be found on the GCP Sensor Deployment page.

Sensor Setup Wizard

This video demonstration walks through the VMware Sensor setup wizard, highlighting the purpose of each screen.

Sensor Redeployment Procedure

This video demonstrates how to replace an existing sensor with a newly deployed one. You will see the procedure to ensure that all assets, jobs, events and so on that were associated with the old sensor are retained and linked to its replacements. If you want to learn more about redeploying sensors, comprehensive documentation can be found on the Redeploying a Sensor page.

MODULE 2: NIDS AND LOG COLLECTION

Configuring NIDS on VMware

This video demonstrates how to configure your VMware ESX server to forward both physical and virtual network traffic to your VMware Sensor for monitoring. If you want to learn more about configuring Network Intrusion Detection (NIDS) in your environment, comprehensive documentation can be found on the Network Setup and Configuration page.

Configuring NIDS on HyperV

This video demonstrates how to configure your Microsoft HyperV server to forward both physical and virtual network traffic to your HyperV Sensor for monitoring. If you want to learn more about configuring Network Intrusion Detection (NIDS) in your environment, comprehensive documentation can be found on the Network Setup and Configuration page.

Configuring CloudTrail (AWS)

This video demonstrates how to configure AWS to capture CloudTrail Logs which monitors account activity from your environment. You will then see how USM Anywhere is configured to retrieve and analyse this information to create events. If you want to learn more about configuring USM Anywhere to monitor CloudTrail Logs, comprehensive documentation can be found on the AWS Log Discovery and Collection in USM Anywhere page.

Configuring VPC Flow Log Collection (AWS)

This video demonstrates how to configure AWS to capture VPC Flow Logs which represent network information from your environment. You will then see how USM Anywhere is configured to retrieve and analyse this information to create events. If you want to learn more about configuring USM Anywhere to monitor VPC Flow Logs, comprehensive documentation can be found on the Amazon VPC Flow Logs page.

Configuring the CloudWatch Agent (AWS)

This video demonstrates how to configure AWS CloudWatch Agent on an asset so it will send its logs to CloudWatch. You will then see how USM Anywhere is configured to retrieve and analyse this information to create events. If you want to learn more about configuring USM Anywhere to monitor CloudWatch, comprehensive documentation can be found on the AWS Log Discovery and Collection in USM Anywhere page.

Configuring Azure Sensor Credentials

This video demonstrates how to obtain Azure credentials and configure your USM Anywhere sensor to communicate with Azure. You will see how to obtain all the required credentials using a powershell script and where to enter these details in USM Anywhere. If you want to learn more about configuring USM Anywhere to communicate with Azure, comprehensive documentation can be found on the Creating an Application and Obtaining Azure Credentials page.

Configuring Azure Agent Logging

This video demonstrates how to enable Azure agent logging on a Windows asset. You will see how to configure event log collection and configure the scheduled job to pull the logs from Azure. If you want to learn more about configuring Azure Agent Logging, comprehensive documentation can be found on the Azure Log Discovery and Collection in USM Anywhere page.

Configuring Azure Web App Logging

This video demonstrates how to enable Azure Web App logging. You will see how to configure diagnostic (application) logging and configure the scheduled job to pull the logs from Azure. If you want to learn more about configuring Azure Web App Logging, comprehensive documentation can be found on the Azure Log Discovery and Collection in USM Anywhere page.

Endpoint Detection & Response (EDR)

This video introduces you to the LevelBlue Agent. The LevelBlue Agent extends the Endpoint Threat Detection and Response (EDR) capabilities of USM Anywhere. It includes host-based threat detection, file integrity monitoring, Windows log collection and response actions, all without a sensor. Each agent will talk directly to USM Anywhere. This makes the agent particularly useful for monitoring remote assets.

LevelBlue Training Learning Portal

Learning Portal

The learning portal is a cloud-based service that is expanding regularly with new courses and content. You can easily find the courses you need by selecting them from the course list or by choosing a learning plan that will guide you through a set of courses and keep track of your progress. For cybersecurity professional looking to become certified, there is a learning plan designed specifically to help candidates pass the LevelBlue Security Engineer (LBSE) exam. How does access work? Access to the portal is sold through LevelBlue.

Request info

Training-as-a-Service

We provide you with a tiered access model so you can choose the level of access that best fits your organization and increase your level of access at any time.

Portal Log in

FCC Cybersecurity Pilot Program LevelBlue Eligible Services

LevelBlue Managed Government Trusted Internet

LevelBlue Endpoint Security

LevelBlue Helps Quorum Healthcare with a Comprehensive and Fully-Integrated, Custom-Fit Security Stack

Frost & Sullivan: 2024 Competitive Strategy Leader in the Managed Security Services Industry

Leveling Up GRC: From Fragmented Controls to Strategic Integration

State of DevSecOps and Cloud Security Platforms: Scaling Security Practices to Accommodate Cloud-native Application Development

2025 LevelBlue Futures Report: Cyber Resilience and Business Impact

A Holistic Approach to Modernizing Network and Remote Workforce Security