Focus on IDS
Setting up Arcsight/Tripwire Apr 07 2009 08:15AM
venkatesh selvaraju gmail com (2 replies)
Re: Setting up Arcsight/Tripwire Apr 07 2009 10:10PM
Randal T. Rioux (randy procyonlabs com) (2 replies)
Re: Setting up Arcsight/Tripwire Apr 08 2009 07:21PM
Mike Lococo (mikelococo gmail com)
Re: Setting up Arcsight/Tripwire Apr 08 2009 07:20PM
Aseem Kumar (kumaraseem gmail com) (1 replies)
RE: Setting up Arcsight/Tripwire Apr 08 2009 08:54PM
David Henning (David Henning hughes com)
Re: Setting up Arcsight/Tripwire Apr 07 2009 04:26PM
Paul Schmehl (pschmehl_lists tx rr com) (2 replies)
Re: Setting up Arcsight/Tripwire Apr 18 2009 03:05PM
Stephen Mullins (steve mullins work gmail com)
That's more plausible than you might think.

As far as documentation goes, the key seems to be finding someone that
has some of the ArcSight materials and making copies of them.

Other than that, you're on your own. The program's help system is
pretty useful though.

You can plug literally everything into ArcSight, but getting useful
information from those millions of events per day is where it gets
interesting.

If you understand ArcSight (play around with it for a while), and you
understand what you should be looking for/concerned with from a
security perspective, then it's simply a matter of creating
filters/reports to get the information you want. Not to oversimplify
things...

Steve

On Tue, Apr 7, 2009 at 12:26 PM, Paul Schmehl <pschmehl_lists (at) tx.rr (dot) com> wrote:
> --On Tuesday, April 07, 2009 02:15:13 -0600 venkatesh.selvaraju (at) gmail (dot) com wrote:
>
>> Dear All,
>>
>> I was wondering if anyone has any standard rules and policies which can be
>> instantly deployed & added to Arcsight ESM for monitoring Windows, UNIX,
>> database and network devices. I understand the rules vary and are specific
>> to the OS and n/w devices. We have to setup the rules and commission
>> Arcsight in our company. If anyone has prior hands-on using Arcsight or if
>> you have any literature, please share. Also, if you have any docs on how to
>> setup rules on Tripwire tool for file integrity checking please share the
>> information. Thank you in advance.
>>
>
> Arcsight is an expensive product.  Surely you got training and access to
> docs with your licenses?  If you're just now deploying, Arcsight should be
> assisting you with that - especially your salesperson.
>
> --
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> *******************************************
> Check the headers before clicking on Reply.

RE: Setting up Arcsight/Tripwire Apr 08 2009 04:48PM
Rivera, Angel L. (arivera mitre org)
Copyright 2010, SecurityFocus