Self-tuning device-status monitoring for HP ArcSight ESM
Speaker: Ian Nice, EdgeSeven
Join us as we explain how we’ve leveraged correlation rules, active lists, and trend actions to develop an advanced self-tuning, device-status monitoring content pack for HP ArcSight ESM. The pack utilizes a sliding window and standard deviation to recognize subtle changes in the environment being monitored. Attendees will gain an understanding of how EdgeSeven designed and implemented a self-tuning capability in ArcSight ESM. You will learn how sliding windows thresholds can be calculated using active lists and trend actions. And, you will gain an understanding of content pack, and how it should be installed and configured.