CSN27: Automated ArcSight ESM Content Replication

Document created by jmerrill on Sep 10, 2010
Version 1Show Document
  • View in full screen mode

Automated ArcSight ESM Content Replication
Aaron Wilson, Assistant Vice President and CTO, SAIC
Level: Advanced
Learn step-by-step how to successfully automate the replication of content to one or more ArcSight ESM instances and avoid the pitfalls of ad hoc content replication. Automated content replication is useful in numerous scenarios, such as business continuity, disaster recovery, test instances, dedicated reporting and other multi-instance architectures. This deep dive details tips and tricks around example project requirements and assumptions; best practices for package design and content administration; built-in archive and package tools; scripting and scheduling; and XML hacking. ArcSight ESM administrators with advanced- or expert-level experience with all content will want to attend. Experience with the *nix command line is recommended, but tips could also be extended to Windows environments.