Monday, 15 February 2016

Components of Arcsight ESM

Smart Connector:

Collects all required logs from devices in the network
Filters data, and thus saves storage and bandwidth
Parses all events and normalizes them into a common schema for ESM
Aggregates events to reduce the event count
Categorizes events in a common format in order to build rules, filters and reports
Processed events are passed to the Manager
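The connector stages listed above (collect, filter, parse/normalize, aggregate, categorize) can be sketched as a small pipeline. The following is an added illustration, not ArcSight connector code: the common-schema field names, the category labels, the filter policy and the syslog-style sample lines are all constructed for this example and do not reproduce ArcSight's real schema.

```python
"""Toy 'smart connector' pipeline: collect -> parse/normalize -> filter -> aggregate.

Added illustration, not ArcSight code. The schema field names, category labels
and sample log lines below are constructed for the example.
"""
import re
from collections import OrderedDict
from datetime import datetime

# Constructed sample device logs (firewall, sshd, and one unrelated cron line).
RAW_LOGS = [
    "Feb 15 10:00:01 fw01 kernel: DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dpt=22",
    "Feb 15 10:00:02 fw01 kernel: DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dpt=22",
    "Feb 15 10:00:03 fw01 kernel: DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dpt=22",
    "Feb 15 10:00:04 fw01 kernel: ACCEPT src=10.0.0.7 dst=192.168.1.20 proto=UDP dpt=53",
    "Feb 15 10:00:05 srv01 sshd[412]: Failed password for root from 10.0.0.5 port 51022 ssh2",
    "Feb 15 10:00:06 srv01 sshd[412]: Accepted publickey for alice from 10.0.0.9 port 51100 ssh2",
    "Feb 15 10:00:07 srv01 cron[99]: (root) CMD (run-parts /etc/cron.hourly)",
]

# One parser per device type; each maps raw text into the same (toy) common schema.
FW_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<action>DROP|ACCEPT) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) dpt=(?P<dpt>\d+)$"
)
SSH_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)

# Categorization: device-specific outcomes mapped onto a common vocabulary (constructed labels).
CATEGORY = {
    ("firewall", "DROP"): "firewall.deny",
    ("firewall", "ACCEPT"): "firewall.allow",
    ("auth", "Failed"): "auth.failure",
    ("auth", "Accepted"): "auth.success",
}

# Fields that must match for two events to be aggregated into one record.
AGG_KEY = ("device", "category", "outcome", "src", "dst", "dport", "proto", "user")


def parse_event(line, year=2016):
    """Parse one raw line into the toy common schema; return None if no parser matches."""
    m = FW_RE.match(line)
    if m:
        kind, outcome = "firewall", m["action"]
        fields = {"src": m["src"], "dst": m["dst"], "dport": int(m["dpt"]), "proto": m["proto"], "user": None}
    else:
        m = SSH_RE.match(line)
        if not m:
            return None
        kind, outcome = "auth", m["outcome"]
        fields = {"src": m["src"], "dst": m["host"], "dport": 22, "proto": "TCP", "user": m["user"]}
    # Syslog timestamps carry no year; the year is supplied by the caller (assumption for the example).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"time": ts, "device": m["host"], "category": CATEGORY[(kind, outcome)], "outcome": outcome, **fields}


def keep(event):
    """Connector-side filter policy (constructed): allowed firewall traffic is not forwarded,
    which is where the storage and bandwidth saving comes from."""
    return event["category"] != "firewall.allow"


def aggregate(events):
    """Collapse events identical in every AGG_KEY field into one record with a count and time span."""
    buckets = OrderedDict()
    for ev in events:
        key = tuple(ev[k] for k in AGG_KEY)
        b = buckets.get(key)
        if b is None:
            buckets[key] = {**ev, "count": 1, "start": ev["time"], "end": ev["time"]}
        else:
            b["count"] += 1
            b["start"] = min(b["start"], ev["time"])
            b["end"] = max(b["end"], ev["time"])
    return list(buckets.values())


def process(lines):
    """Full pipeline: parse/normalize, filter, aggregate. Lines no parser understands are dropped."""
    parsed = [e for e in (parse_event(line) for line in lines) if e is not None]
    return aggregate(e for e in parsed if keep(e))


if __name__ == "__main__":
    for record in process(RAW_LOGS):
        print(record["category"], record["src"], "->", record["dst"], "x", record["count"])
```

On the constructed sample, the three identical firewall drops become one record with count 3, the allowed DNS lookup is filtered out, and the cron line is dropped because no parser claims it; what remains is what would be handed to the Manager.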

Arcsight Manager:

It is a Java-based server
Evaluates each event against the network model and vulnerability information
Develops real-time threat summaries
Writes events to the CORR Engine

CORR Engine: (Correlation Optimized Retention and Retrieval Engine)

ESM organizes events by date and stores them in the CORR Engine according to the event retention period. Correlation of events takes place in the CORR Engine, after which events are archived for long-term use.


User Interfaces within Arcsight

Arcsight Command Center:

Manages users, storage and event data.
Monitors events
Generates reports
Updates the licence

Arcsight Console:

Builds filters, rules, reports, pattern discovery and dashboards
Monitors data
Administers users and workflow

Arcsight Web:

Web interface to the Manager
Monitors events.
Used by security analysts to drill down into dashboards, reporting and notifications

Arcsight Risk Insight:

Assesses the business impact of a specific threat according to defined rules

Pattern Discovery:

Detects various patterns in event flow and is used to:

                   Discover zero-day attacks
                   Discover low-and-slow attacks
                   Profile common patterns in the network
                   Automatically create rules
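To make the "low and slow" case above concrete: a burst-threshold rule looks for many failures inside a short window, so a source that fails once every half hour never trips it, while a long-window pattern search does. The code below is an added illustration, not ArcSight's Pattern Discovery algorithm; the event records, thresholds and the shape of the suggested rule are constructed for the example.

```python
"""Toy 'pattern discovery': a low-and-slow authentication pattern that a burst rule
misses, discovered over a long window and turned into a candidate rule.

Added illustration, not ArcSight's Pattern Discovery. Events and thresholds are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2016, 2, 15, 0, 0, 0)


def constructed_events():
    """Constructed sample: one source fails a login every 30 minutes for 12 hours;
    another source has two quick failures followed by a success (a typo, not an attack)."""
    events = []
    for i in range(24):
        events.append({"time": BASE + timedelta(minutes=30 * i), "src": "10.0.0.5", "outcome": "Failed"})
    for i in range(2):
        events.append({"time": BASE + timedelta(hours=9, seconds=10 * i), "src": "10.0.0.9", "outcome": "Failed"})
    events.append({"time": BASE + timedelta(hours=9, seconds=30), "src": "10.0.0.9", "outcome": "Accepted"})
    return sorted(events, key=lambda e: e["time"])


def burst_rule(events, threshold=5, window=timedelta(minutes=1)):
    """Classic real-time rule: at least `threshold` failures from one source inside a short sliding window."""
    hits, recent = set(), defaultdict(list)
    for ev in events:
        if ev["outcome"] != "Failed":
            continue
        q = recent[ev["src"]]
        q.append(ev["time"])
        while q and ev["time"] - q[0] > window:
            q.pop(0)
        if len(q) >= threshold:
            hits.add(ev["src"])
    return hits


def low_and_slow(events, min_count=10, window=timedelta(hours=24), min_hours=6):
    """Long-window pattern: many failures from one source, spread over at least `min_hours`
    distinct hours, so the per-minute rate never reaches a burst threshold."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["outcome"] == "Failed":
            by_src[ev["src"]].append(ev["time"])
    patterns = {}
    for src, times in by_src.items():
        times.sort()
        for i, start in enumerate(times):
            in_win = [t for t in times[i:] if t - start <= window]
            hours = {t.replace(minute=0, second=0, microsecond=0) for t in in_win}
            if len(in_win) >= min_count and len(hours) >= min_hours:
                patterns[src] = {"count": len(in_win), "first": in_win[0], "last": in_win[-1], "hours": len(hours)}
                break
    return patterns


def suggest_rule(patterns, window=timedelta(hours=24)):
    """Turn each discovered pattern into a candidate rule definition (a plain dict here, constructed format)."""
    return [
        {
            "name": f"low-and-slow auth failures from {src}",
            "condition": {"outcome": "Failed", "src": src},
            "threshold": p["count"],
            "window_seconds": int(window.total_seconds()),
        }
        for src, p in patterns.items()
    ]


if __name__ == "__main__":
    evs = constructed_events()
    print("burst rule fired for:", burst_rule(evs) or "nobody")
    found = low_and_slow(evs)
    print("low-and-slow pattern:", found)
    for rule in suggest_rule(found):
        print("candidate rule:", rule)
```

On the constructed sample the burst rule fires for nobody, while the long-window search reports 24 failures from 10.0.0.5 spread over 12 distinct hours and emits a candidate rule for that pattern; the two quick failures from 10.0.0.9 fall below both thresholds.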

Arcsight Express:

Separately licenced
