SN58: ArcSight, Monitor Thyself

Document created by jmerrill on Sep 10, 2010Last modified by jmerrill on Jul 8, 2014
Version 3Show Document
  • View in full screen mode

ArcSight, Monitor Thyself
Ken Mermoud, Software Development Manager, ArcSight; Rashaad Steward, ArcSight Enterprise Specialist, Public Sector, ArcSight
Level: Advanced
ArcSight components provide a wealth of internal audit events on the status of various ArcSight resources. In this session, we examine what those internal audit events contain and what information an ArcSight administrator can leverage to automatically monitor and restore the health of their ArcSight infrastructure. This session will cover advance techniques that can be applied to many other use cases to enhance automation. Attendees should have an in-depth understanding of active lists and how variables work within rules.