SN17: Using Baselining to Detect Anomalies

Document created by beleslie on Aug 25, 2011. Last modified by beleslie on Jul 8, 2014.
Version 4

Using Baselining to Detect Anomalies
Till Jaeger, Principal Sales Engineer, HP ArcSight
ArcSight ESM and ArcSight Express offer several mechanisms for baselining. With a baseline in place, anomalies can be detected and the signal isolated from the noise in the logs. This session covers the different algorithms in ArcSight products, including statistical data monitors, trends and active lists, to show how baselines can be created and which use cases they solve.