HP ArcSight services 2014 ewb


ArcSight Services

Published in: Services

  1. HP ArcSight Services Overview
  2. Basic Services: HP ArcSight, SmartConnectors incl. Logger
      • Planning
      • Installation
      • Deployment
      • Administration
      • Maintenance
  3. Advanced Services
      • Use Case design / Content Authoring
          - Creating/designing ESM content such as rules, ActiveLists, trends and reports to achieve specific business objectives
          - Efficient ESM investigation management through the use of cases
  4. Best Practice
      • Create a process to ensure all devices to be monitored will send events to ArcSight
          - i.e. for Windows SmartConnectors, please make sure you add servers manually whenever a new server is commissioned.
      • Establish a case consolidation method
      • Establish a good naming convention for cases
  5. Key Differentiator
      • Not just focused on BaseEvents (device logs) but also on ArcSight internal events to leverage ESM correlation potential
      • Highly skilled in data analysis using “Data about your data”
      • Experts in different platforms: OS/Network/Apps
      • Experienced with most IT security software available
      • Worked for Infosec team of security companies: Trend Micro and McAfee (now Intel)
      • Focused on Security and Compliance (i.e. PCI-DSS)
      • Experienced in Open-Source
  6. Sample Configuration
      Use case: Event Feed Monitoring
          - Tracking event input from monitored devices
          - Detecting devices that stopped sending events for investigation
      * Use TTL or Event Expiry in ActiveLists
  7. Sample Configuration
      Create ActiveList to Monitor Devices
  8. Sample Configuration
      Use Field Merging to consolidate events
      Convert 1000s of related events into a single case
  9. Thank you!
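
The event feed monitoring use case from slide 6, as an added example that is not part of the original slides and is not ArcSight content: a small Python model of a TTL-based list in which every event refreshes its device's entry and an expired entry marks a device that stopped sending. The class and function names, hostnames, TTL and timestamps are assumptions made for illustration; the inventory check reflects the slide 4 practice of making sure every monitored device actually sends events.

```python
from dataclasses import dataclass, field

# Constructed sample: (epoch_seconds, device) pairs; hostnames are made up.
SAMPLE_EVENTS = [(0, "fw01"), (0, "dc01"), (0, "web01"),
                 (300, "fw01"), (300, "dc01"),
                 (600, "fw01"), (900, "fw01"), (900, "web01")]
INVENTORY = ["fw01", "dc01", "web01", "db01"]  # devices expected to report


@dataclass
class TTLActiveList:
    """Model of a list whose entries expire `ttl` seconds after last refresh."""
    ttl: int
    last_seen: dict = field(default_factory=dict)  # device -> last event time

    def observe(self, device, ts):
        """Add or refresh the device entry; a refresh restarts its TTL."""
        self.last_seen[device] = max(ts, self.last_seen.get(device, ts))

    def expire(self, now):
        """Drop entries older than the TTL and return them as silent devices."""
        silent = sorted(d for d, ts in self.last_seen.items()
                        if now - ts > self.ttl)
        for d in silent:
            del self.last_seen[d]  # alert once; a new event re-adds the device
        return silent


def silent_devices(events, inventory, ttl, check_times):
    """Replay events and return (check_time, device, reason) findings."""
    feed = TTLActiveList(ttl)
    findings, pending = [], sorted(events)
    for now in sorted(check_times):
        # Feed every event that arrived up to this check into the list.
        while pending and pending[0][0] <= now:
            ts, device = pending.pop(0)
            feed.observe(device, ts)
        findings += [(now, d, "stopped sending") for d in feed.expire(now)]
    # Inventory devices that never produced a single event.
    seen = {d for _, d in events}
    findings += [(None, d, "never reported")
                 for d in sorted(set(inventory) - seen)]
    return findings


if __name__ == "__main__":
    for finding in silent_devices(SAMPLE_EVENTS, INVENTORY, 400,
                                  [300, 600, 900, 1200]):
        print(finding)
```

Because an expired entry is removed, a device is reported once per outage and is tracked again as soon as it resumes sending.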