CSN9: Was that Network Change Approved?

Document created by jmerrill on Sep 28, 2009. Last modified by jmerrill on Jul 8, 2014.
Was that Network Change Approved?
Speakers: Ben Spader, Security Consultant-Spader Consulting; Scott Parkinson, Enterprise Specialist-ArcSight
See ways to enable ArcSight to perform advanced correlation between network changes and the change ticket system, determining whether a change was made by an authorized person and whether it fell within the change window specified in the change ticketing system. Anyone who needs to take their current rules to the next level should attend this session. This use case covers advanced techniques that can be applied to many other use cases to enhance their capabilities and automation. You will learn to identify whether a network change was made by an approved person, whether it fell within or outside an approved change window, and whether it had no change record. Attendees should have an in-depth understanding of active lists and how variables work within rules.
Level: Advanced
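The correlation outcomes named in the abstract (approved person, inside or outside the change window, no change record), as an added Python example that is not material from the session and not ArcSight rule syntax. The ticket list stands in for an active list fed from the ticketing system; all field names, ticket IDs, devices and users are constructed, and timestamps are assumed to share one time zone.

```python
from datetime import datetime

# Constructed tickets, standing in for an active list synced from the ticket system.
TICKETS = [
    {"id": "CHG-EXAMPLE-1", "device": "core-sw-01", "approved_users": {"alice"},
     "start": datetime(2024, 1, 10, 22, 0), "end": datetime(2024, 1, 11, 2, 0)},
    {"id": "CHG-EXAMPLE-2", "device": "core-sw-01", "approved_users": {"dave"},
     "start": datetime(2024, 1, 12, 22, 0), "end": datetime(2024, 1, 13, 2, 0)},
]

# Higher rank = closer to a fully approved change; the best-matching ticket wins.
RANK = {"NO_CHANGE_RECORD": 0, "UNAPPROVED_USER_OUTSIDE_WINDOW": 1,
        "OUTSIDE_WINDOW": 2, "UNAPPROVED_USER": 3, "APPROVED": 4}

def classify_change(event, tickets=TICKETS):
    """Return (verdict, ticket_id) for one network configuration-change event."""
    best = ("NO_CHANGE_RECORD", None)
    user = event["user"].lower()  # device logs and tickets often differ in case
    for t in tickets:
        if t["device"] != event["device"]:
            continue
        in_window = t["start"] <= event["time"] <= t["end"]
        approved = user in t["approved_users"]
        if in_window and approved:
            verdict = "APPROVED"
        elif in_window:
            verdict = "UNAPPROVED_USER"       # window open, wrong person
        elif approved:
            verdict = "OUTSIDE_WINDOW"        # right person, wrong time
        else:
            verdict = "UNAPPROVED_USER_OUTSIDE_WINDOW"
        if RANK[verdict] > RANK[best[0]]:
            best = (verdict, t["id"])
    return best

# Constructed change events, as a device audit log might report them.
EVENTS = [
    {"device": "core-sw-01", "user": "Alice", "time": datetime(2024, 1, 10, 23, 15)},
    {"device": "core-sw-01", "user": "bob",   "time": datetime(2024, 1, 10, 23, 30)},
    {"device": "core-sw-01", "user": "alice", "time": datetime(2024, 1, 11, 9, 0)},
    {"device": "edge-fw-02", "user": "carol", "time": datetime(2024, 1, 10, 23, 0)},
]

def alerts(events=EVENTS):
    """Keep only the events that should raise an alert (anything not APPROVED)."""
    results = [(e, *classify_change(e)) for e in events]
    return [(e["device"], e["user"], v, tid) for e, v, tid in results if v != "APPROVED"]

if __name__ == "__main__":
    for row in alerts():
        print(row)
```

Ranking the verdicts matters when a device has several tickets: the event is judged against its closest match, so a second, unrelated ticket for the same device does not turn an approved change into an alert.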