SN16: Deep Dive into ArcSight ESM Rules

Document created by jmerrill on Sep 28, 2009Last modified by jmerrill on Jul 8, 2014
Version 2Show Document
  • View in full screen mode
Deep Dive into ArcSight ESM Rules
Speaker: Rob Block, Senior Software Engineer-ArcSight
This presentation highlights the capabilities of rules. It explores advanced features including negated aliases, rule scheduling, and active list use cases. These features provide a powerful arsenal of tools to capture and correlate security information.
Level: Advanced