Isn't Visio grand?
Since it's the base install on most corporate administrator's systems it will have to do as both a raster and vector tool to create cool images that can be incorporated into ESM using the Image Editor.
The ESM Image Editor is an unknown feature to many ArcSight users but it is a powerful way of getting some custom "eye-candy" on a dashboard with miniature Active Channel chart objects depicting the severity of events in different areas of your JPG or PNG Visio output.
Whether it be a topology map of your WAN with chart objects monitoring and providing a visual display of attacks in each region or a logical representation of an application and all of it's dependencies, ESM allows you to create stunning visuals with all of that blur of event data you are feeding into the system.
The attached tutorial cracks open the hidden Image Editor feature in the ESM Console and walks you through creating an image in Visio that can then be incorporated into ESM for use as an Image Dashboard. The tutorial provides a graphical representation of four popular event types; Security Devices, Network Devices, Application Devices and Operating Systems.
BEWARE: I have limited the number of filters to only foiur since each chart object on the image dashboard actually creates a consecutive Active Channel connection back to the manager at run-time. In environments where there are multiple instances of the console connected to the manager simultaneously this may not be feasible and may impact performance of other dashboards or channels while the Image Viewer is enabled.
EXCELLENT doc, sir. It's not very often I find a new how-to that actually excites me. I've shared this with some colleagues at work and will be on the lookout for use cases for our display screens for tours and the like. Thanks!
This is the kind of thing I'd love to see more of at the ArcSight conference, by the way. This is a wonderful tip that I suspect the vast majority of AS users aren't aware of at all. I suspect most SOCs, like ours, have at least one large screen at the front of the room that is used either for all analysts to see a broad view of the health of the network and high priority alerts or for eye candy for when execs/customers/visitors tour, etc. A walkthrough of the steps in this doc and a collection of use case ideas for content that would look good on the big screens would make for a great session!
Thanks for the kudos
You have some good ideas for the next User Conference material...
Great doc mate. Thanks for taking the time to produce it
Hey thanx Gary!
Great doc. I replicated your example and to save people some work i'll share the visio and image template here.
Its created with Visio 2003.
Loaded in Arcsight
Are there any possibilties to graph anything else but event priorities?
While playing a bit with this i'm looking for possibilities to graph anything else but event priorities using this technique
This would seriously be a great added value to the ArcSight console.
Is it possible to use datamonitors or queries and design your own dashboards this way? Right now I can apply it to any channel and create a nice looking chart of event priorities. I would really just like to graph anything from events in self designed dashboards.
Any ideas on how to do that?
Might also be an idea to start a thread on visualisation?
Nicely done Steven!
Thanks for your artistic contributions.
I agree with you that we should have a section for just visualization elements.
Unfortunately, event priority is all you can graph in the current image dashboards.
This document was generated from the following thread: Howto: Use Visio To Create a Dashboard