Mastering the world of Microsoft events
Speaker: Arthur Hedge, Castle Ventures LLC
Integrating events from Microsoft systems within HP Arcsight can be challenging. Analysts have to deal with many log formats from Windows events, Exchange, Outlook Web App, and specific applications. Join us for an overview of log formats and Microsoft SmartConnectors, and for a discussion of best practices in deploying, tuning, and filtering SmartConnector events. We’ll present several use cases that take advantage of Windows logs, and we’ll tell you how to develop Microsoft-specific content within HP Arcsight ESM. We will also discuss developing, testing, and deploying a custom parser for a Windows application log.