© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Using HP ArcSight API for data visualization
Eugene Afonin, Senior Sales Engineer
#HPProtect
Agenda
• Some SIEMs have Google Maps integrations – could we do better?
• Plugging in open source tools for analytics
• Do you have an App for that?
• Visualize data on your portal
Features - layout
• Google Map
• Events radar
• Events details
Features - Google Map
• The events table is populated with the details of the events behind the clicked marker
• A tooltip on each marker gives the exact numbers
• On marker click, the distribution of events by priority is shown
Features - radar
• Red bars are high priority events, yellow are medium and blue are low
• Hover the mouse over a bar to show its tooltip
• Each bar represents one minute in the event flow
• Click a bar to populate the table with the corresponding events
Features - table
• The events count is calculated automatically for each group level
• Multiple grouping levels are supported
• To group events, drag any column header into the grouping area
Features - table (cont)
• Type in the search field, or click any cell, to filter on cell values
• Click the search icon to open/close the search filter
• Click any column header to sort (asc/desc)
Features - clusters
• Markers combine or split up according to the map zoom level (compare zoom level 2 with zoom level 4)
How it works (architecture diagram; components as labelled on the slide)
• Event sources: Logger and ArcSight ESM/Express, with incoming events and high priority events flowing between them
• Logger search API call, returning the search result in JSON
• Visualization Web App: Jscript code, Jscript & chart libraries, Google API and geo images
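The radar, table and "How it works" slides above describe what the web app does with the JSON search result: bucket events per minute and colour them by priority, then group, filter and sort them in a table. The block below is an added example of that client-side processing; it is not code from the deck or from the downloadable sources. The field names in the constructed sample (endTime, priority, sourceAddress, name) and the priority thresholds for the red/yellow/blue bands are assumptions, since the slides do not state the Logger JSON schema or the band boundaries. It goes slightly beyond the slide in one respect: minutes with no events still get an empty bar, so the radar has no gaps.

```javascript
// Added example, not code from the slide deck: turn a JSON search result into
// the per-minute priority "radar" and the grouped/filtered event table.

// Constructed sample of a search result. The field names (endTime, priority,
// sourceAddress, name) are assumptions, not the Logger API's actual schema.
const SAMPLE_EVENTS = [
  { endTime: "2014-09-10T12:00:05Z", priority: 9, sourceAddress: "10.0.0.5",  name: "Malware detected" },
  { endTime: "2014-09-10T12:00:40Z", priority: 5, sourceAddress: "10.0.0.5",  name: "Port scan" },
  { endTime: "2014-09-10T12:01:10Z", priority: 2, sourceAddress: "10.0.0.9",  name: "Login success" },
  { endTime: "2014-09-10T12:01:15Z", priority: 8, sourceAddress: "10.0.0.9",  name: "Malware detected" },
  { endTime: "2014-09-10T12:01:59Z", priority: 7, sourceAddress: "10.0.0.5",  name: "Malware detected" },
  { endTime: "2014-09-10T12:03:00Z", priority: 3, sourceAddress: "10.0.0.11", name: "Login failure" },
];

// Map a numeric priority onto the radar's three colours. The thresholds
// (>= 7 high, >= 4 medium) are assumptions; the deck only names the colours.
const BAND_COLOR = { high: "red", medium: "yellow", low: "blue" };
function priorityBand(priority) {
  if (priority >= 7) return "high";
  if (priority >= 4) return "medium";
  return "low";
}

const MINUTE_MS = 60 * 1000;
const minuteStart = (iso) => Math.floor(Date.parse(iso) / MINUTE_MS) * MINUTE_MS;
const minuteLabel = (ms) => new Date(ms).toISOString().slice(0, 16); // "YYYY-MM-DDTHH:MM"

function emptyBar(start) {
  return { minute: minuteLabel(start), high: 0, medium: 0, low: 0, events: [] };
}

// Radar: one bar per minute between the first and last event, including
// minutes with no events, so the bar chart has no gaps. Each bar keeps the
// events behind it so a click can populate the table.
function radarBuckets(events) {
  if (events.length === 0) return [];
  const byMinute = new Map();
  for (const ev of events) {
    const start = minuteStart(ev.endTime);
    if (!byMinute.has(start)) byMinute.set(start, emptyBar(start));
    const bar = byMinute.get(start);
    bar[priorityBand(ev.priority)] += 1;
    bar.events.push(ev);
  }
  const starts = [...byMinute.keys()];
  const bars = [];
  for (let t = Math.min(...starts); t <= Math.max(...starts); t += MINUTE_MS) {
    bars.push(byMinute.get(t) || emptyBar(t));
  }
  return bars;
}

// Table: nested grouping by any list of column names, with a count at every level.
function groupCounts(events, keys) {
  const node = { count: events.length };
  if (keys.length === 0) return node;
  const [key, ...rest] = keys;
  const buckets = {};
  for (const ev of events) (buckets[ev[key]] = buckets[ev[key]] || []).push(ev);
  node.groups = {};
  for (const [value, evs] of Object.entries(buckets)) node.groups[value] = groupCounts(evs, rest);
  return node;
}

// Table: filter on a cell value (substring match) and sort on a column (asc/desc).
function filterByCell(events, column, value) {
  return events.filter((ev) => String(ev[column]).includes(value));
}
function sortByColumn(events, column, descending = false) {
  const dir = descending ? -1 : 1;
  return [...events].sort((a, b) => (a[column] > b[column] ? dir : a[column] < b[column] ? -dir : 0));
}

// Demonstration on the constructed sample.
for (const bar of radarBuckets(SAMPLE_EVENTS)) {
  console.log(bar.minute, `high=${bar.high} (${BAND_COLOR.high})`, `medium=${bar.medium}`, `low=${bar.low}`);
}
console.log(JSON.stringify(groupCounts(SAMPLE_EVENTS, ["sourceAddress", "name"]), null, 1));
```

radarBuckets returns four bars for the sample (12:00 through 12:03, with an empty 12:02 bar), and groupCounts returns the count tree the table shows at each grouping level.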
APIs used
Could be enhanced
• Add a filter input field, so the Logger search query could be customized rather than hardcoded
• Add a status window showing the applied filter, app events etc.
• Allow the user to set the data refresh interval
• Make regular background JSON calls to silently load data from Logger, so no page reload is needed and the search time lag is hidden from the user
• Access rights
• Draw markers according to the network model and show regional team details (email, phone, shift timetable etc.)
• Ability to cluster events by customized map regions
• Calculate statistics by region
• Show different regions at different map zoom levels according to BUs or SOC team structure
Gephi – open graph viz platform
Interactive visualization and exploration platform for all kinds of networks and complex systems, dynamic and hierarchical graphs. Runs on Windows, Linux and Mac OS X. Gephi is open-source and free.
HP ArcSight Interactive Discovery
HP ArcSight ESM / Express
• Good: one shot – one kill
• Bad: AV can’t handle
Gephi – virus outbreak
• Good: one shot – one kill
• Bad: AV can’t handle
• Bad: Region creep
VIDEO STUB
For more information
Attend these sessions
• TB3273, Practical Examples of Big Data, Security Analytics and Visualization
• TT3139, An introduction to HP ArcSight ESM web services APIs
• PN3578, Security analytics panel: Hunting bad guys
After the event
• Download sources at: https://protect724.hp.com/docs/DOC-11406
Your feedback is important to us. Please take a few minutes to complete the session survey.