1005: Self-tuning device-status monitoring for HP ArcSight ESM

Document created by tinacostilla on Sep 14, 2012. Last modified by tinacostilla on Jul 8, 2014.
Version 3

Speaker: Ian Nice, EdgeSeven

Join us as we explain how we’ve leveraged correlation rules, active lists, and trend actions to develop an advanced self-tuning device-status monitoring content pack for HP ArcSight ESM. The pack uses a sliding window and standard deviation to recognize subtle changes in the environment being monitored. Attendees will gain an understanding of how EdgeSeven designed and implemented a self-tuning capability in ArcSight ESM. You will learn how sliding-window thresholds can be calculated using active lists and trend actions, and you will gain an understanding of the content pack and how it should be installed and configured.

 
