Focus on IDS
Setting up Arcsight/Tripwire Apr 07 2009 08:15AM
venkatesh selvaraju gmail com (2 replies)
Re: Setting up Arcsight/Tripwire Apr 07 2009 10:10PM
Randal T. Rioux (randy procyonlabs com) (2 replies)
Re: Setting up Arcsight/Tripwire Apr 08 2009 07:21PM
Mike Lococo (mikelococo gmail com)
Re: Setting up Arcsight/Tripwire Apr 08 2009 07:20PM
Aseem Kumar (kumaraseem gmail com) (1 replies)
RE: Setting up Arcsight/Tripwire Apr 08 2009 08:54PM
David Henning (David Henning hughes com)
Re: Setting up Arcsight/Tripwire Apr 07 2009 04:26PM
Paul Schmehl (pschmehl_lists tx rr com) (2 replies)
Re: Setting up Arcsight/Tripwire Apr 18 2009 03:05PM
Stephen Mullins (steve mullins work gmail com)
RE: Setting up Arcsight/Tripwire Apr 08 2009 04:48PM
Rivera, Angel L. (arivera mitre org)
I concur with getting help and training configuring Arcsight.

I will say that out of the box Arcsight can receive data from all the devices you mention but you have quite a bit of homework before you even touch Arcsight - for each device you need to determine what it is that you want to "capture/filter" - in other words what events in particular are you interested in (e.g., logons & log offs, access failures, successful access to critical files). Then you need to configure each device to generate the events onto audit trails/logs - for Windows for example you need to turn audit on and for each file that you want to track you need to go and turn audit on for that file. Once you do all this then you can look at Arcsight to receive/forward/filter logs and generate reports/alerts.

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of Paul Schmehl
Sent: Tuesday, April 07, 2009 12:27 PM
To: venkatesh.selvaraju (at) gmail (dot) com; focus-ids (at) securityfocus (dot) com
Subject: Re: Setting up Arcsight/Tripwire

--On Tuesday, April 07, 2009 02:15:13 -0600 venkatesh.selvaraju (at) gmail (dot) com wrote:

> Dear All,
>
> I was wondering if anyone has any standard rules and policies which can be
> instantly deployed & added to Arcsight ESM for monitoring Windows, UNIX,
> database and network devices. I understand the rules vary and are specific to
> the OS and n/w devices. We have to setup the rules and commission Arcsight in
> our company. If anyone has prior hands-on using Arcsight or if you have any
> literature, please share. Also, if you have any docs on how to setup rules
> on Tripwire tool for file integrity checking please share the information.
> Thank you in advance.
>

Arcsight is an expensive product. Surely you got training and access to docs
with your licenses? If you're just now deploying, Arcsight should be assisting
you with that - especially your salesperson.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
Check the headers before clicking on Reply.
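
The Windows step described in the reply at the top of this message (turn auditing on, then turn it on for each file you want to track), as an added example that is not part of the original thread. It assumes Windows Vista/Server 2008 or later with English subcategory names, an elevated session, and uses a placeholder path and the `Everyone` principal for illustration.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell session.
# Assumption: $Path is a placeholder for a file you have decided to track.
$Path = 'C:\Data\critical.txt'

# Step 1: turn the audit policy on. Per-file audit entries (SACLs) produce
# nothing in the Security log until the matching subcategory is enabled.
auditpol /set /subcategory:"File System" /success:enable /failure:enable
auditpol /set /subcategory:"Logon"       /success:enable /failure:enable
auditpol /set /subcategory:"Logoff"      /success:enable

# Step 2: turn audit on for the file itself by adding a SACL entry.
# Auditing writes, deletes and permission changes keeps event volume down
# compared with auditing every read.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions'
$flags  = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule   = New-Object -TypeName System.Security.AccessControl.FileSystemAuditRule `
                     -ArgumentList 'Everyone', $rights, $flags

$acl = Get-Acl -Path $Path -Audit      # -Audit is required to read the SACL
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Step 3: verify both halves before pointing a collector at this host.
auditpol /get /subcategory:"File System"
(Get-Acl -Path $Path -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags -AutoSize

# Step 4: after touching the file, confirm the events exist locally.
# 4663 = object access attempt; 4624/4634 = logon/logoff; 4625 = failed logon.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
             -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$Path*" } |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
```

If step 4 returns nothing after a write to the file, check step 3 first: a SACL without the policy, or the policy without a SACL, both leave the Security log empty.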

Copyright 2010, SecurityFocus