1001: Mastering the world of Microsoft events

Document created by tinacostilla on Sep 14, 2012. Last modified by tliu on Jul 8, 2014.
Version 3



Speaker: Arthur Hedge, Castle Ventures LLC

Integrating events from Microsoft systems within HP ArcSight can be challenging. Analysts have to deal with many log formats from Windows events, Exchange, Outlook Web App, and specific applications. Join us for an overview of log formats and Microsoft SmartConnectors, and for a discussion of best practices in deploying, tuning, and filtering SmartConnector events. We’ll present several use cases that take advantage of Windows logs, and we’ll tell you how to develop Microsoft-specific content within HP ArcSight ESM. We will also discuss developing, testing, and deploying a custom parser for a Windows application log.