Working with ArcSight Management System

---

Arcsight is a cybersecurity tool released in 2000.
It is an intelligence software for security information and event management (SIEM) and log management. Arcsight is designed to help the organization in identifying security threats, track response activities, and simplify compliance and audit activities.   Introduction to ArcSight  ArcSight is a security management system that is built to monitor and track the data insights of a business product.
It is a portfolio that is designed to work with multiple products to solve security-related threats for improving productivity. ArcSight mainly consists of three major components.
In this article, we had explained each and every feature of ArcSight that will help you to gain real knowledge of using the ArcSight portal in managing the data with its components. This Arcsight training will make you professional in handling end to end security tasks in an organization. Now, let go through the insights of the Arcsight.
What is ArcSight? ArcSight is an ESM platform which stands for Enterprise Security Manager. It is a tool that is designed and implemented for managing the security policies within an organization.
It is used in detecting, analyzing, and resolving cybersecurity-related threats within a short duration of time. The ESM platform includes the products for collecting the events, real-time event management, log management, automatic response, and compliance management.
Briefing about the ArcSight Components ArcSight describes the components of the security model consisting of security monitoring features and functionalities. ArcSight resolves the problems of several requirements by collecting and storing the data for long term use cases.
ArcSight Components Classification 1. Arcsight SIEM Platform   The ArcSight SIEM Platform environment includes the security and visibility operations which leverage the monitoring platform infrastructure.
The platform captures, normalizes, and categorizes all the events and logs from network and security devices. 2.
ArcSight ESM  The ArcSight ESM has the capability of collecting the broad log information combined with the powerful correlation engine which can detect the threats from multiple products and alerts the customers to take action on the vulnerabilities. 3.
ArcSight Logger  The ArcSight Logger provides log management and storage capabilities with automated compliance reporting. It can store up to 42TB of log data that can search for multiple events per second over structured and unstructured data.
It supports automated reporting for SOX, PCI DSS, NERC, and other regulations. 4.
ArcSight Express The ArcSight Express includes the technologies of real-time correlation and log management from ESM and logger. The Express is referred to as “security expert in a box” which has several built-in correlation rules, dashboards, and reports.
It provides deployment and low-cost monitoring solutions for the infrastructure. 5.
ArcSight SmartConnectors  The ArcSight SmartConnectors collect the event data from network devices and normalizes the data structure into a schema. The connectors can filter the data, save the network bandwidth and storage space.
The SmartConnectors improves efficiency by aggregating the events to reduce the quantity of the same type. The events can be categorized into a readable format which makes it easier for using the events to build the filters, rules, and reports.
ArcSight ESM Network model The ArcSight ESM Network model is the combination of network and asserts models together builds the correlation criteria.  The elements of the network model consist of the following resources. Asserts Assert Ranges Zones Networks Customers  Event life Cycle in ArcSight There are seven event life cycle in ArcSight ESM 1.
Data collection and event processing  The data is gathered from various sources and then it is processed. 2.
Network model lookup and priority evaluation  Here we apply the logical setup of a network with the naming and structures so as to understand the environment, location, and then is set for priority evaluation. 3.
Correlation evaluation  In this phase, the correlations will be evaluated and then will move to monitor and investigate. 4.
Monitoring and investigation  The scenarios have to be properly understood to know what it is in order to monitor and is then allowed for investigation from an analyst so as to move to the workflow. 5.
Workflow  In this phase, the workflow process model is implemented. 6.
Incident analysis and reporting  Here we have to report the data and provide the analysis for what is obtained or received. 7.
Event archival  Finally, the events will be archived into an external storage environment. The data can be stored for an extended period of time.
An event is passed from all these seven stages.  Conclusion The ArcSight tutorial gives you a clear vision of the usage and understanding of components that implement the compliance policy rules for detecting the vulnerabilities and resolving the issues with data management on security products. Source: Free Articles from ArticlesFactory.com This is Manikanth, currently working as a Content Developer at HKR Trainings.
I am passionate about doing research over various technical domains and publishing articles and end-user documents..