Archive for April, 2013
ArcSight Data Sources

ArcSight ESM can collect output from the logs of 300+ types of sources. The logs are collected by HP ArcSight Connectors. The logs go through normalization and categorization and are converted into what is known as Common Event Format (CEF). CEF is an industry standard for log format.

CEF contains information such as IP addresses, host names, date and time stamp, attack name, port number, vendor type and country of origin.
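To make the format concrete, here is an added example (not from the original post or from HP's connector code) that parses one CEF line into its seven pipe-delimited header fields and its key=value extension. The sample event, vendor and host names are constructed; the header layout and the `\|`, `\=`, `\\` escapes follow the published CEF specification.

```python
import re

# CEF header layout: CEF:Version|Device Vendor|Device Product|Device Version|
#                    Signature ID|Name|Severity|Extension
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")

# An extension key is a bare token directly followed by an unescaped "=".
_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.-]+)=")
_ESCAPE = re.compile(r"\\(.)")


def _split_header(text, n_fields):
    """Split on unescaped '|' until n_fields are read; return (fields, rest)."""
    fields, buf, i = [], [], 0
    while i < len(text) and len(fields) < n_fields:
        ch = text[i]
        # In the header, "\|" is a literal pipe and "\\" a literal backslash.
        if ch == "\\" and i + 1 < len(text) and text[i + 1] in "|\\":
            buf.append(text[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) < n_fields:
        raise ValueError("truncated CEF header")
    return fields, text[i:]


def _unescape(value):
    """Undo extension escapes: \\= \\\\ \\n \\r."""
    table = {"n": "\n", "r": "\r"}
    return _ESCAPE.sub(lambda m: table.get(m.group(1), m.group(1)), value)


def _parse_extension(ext):
    """Values may contain spaces, so a value runs until the next key= token."""
    matches = list(_KEY.finditer(ext))
    out = {}
    for cur, nxt in zip(matches, matches[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        out[cur.group(1)] = _unescape(ext[cur.end():end].strip())
    return out


def parse_cef(line):
    """Parse a CEF record, tolerating a syslog prefix before 'CEF:'."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF record")
    fields, ext = _split_header(line[start + 4:], len(HEADER_FIELDS))
    event = dict(zip(HEADER_FIELDS, fields))
    event["extension"] = _parse_extension(ext)
    return event


# Constructed sample event (not taken from a real device).
SAMPLE = (r"<134>Apr 03 00:30:12 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|100|"
          r"Port scan \| sweep detected|7|src=203.0.113.9 spt=44123 "
          r"dst=192.0.2.10 dpt=22 shost=scanner.example.net "
          r"msg=rule\=block-scan hit 14 times rt=Apr 03 2013 00:30:11")

if __name__ == "__main__":
    event = parse_cef(SAMPLE)
    for key, value in event.items():
        print(key, "=", value)
```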

ArcSight Data Sources Include (but are not limited to):

– Intrusion Detection and Prevention Systems
– Vulnerability Assessment Tools
– Firewalls
– Anti-virus and Anti-spam Tools
– Encryption tools
– Application Audit Logs and Physical Security Logs

“ArcSight Connectors also manage ongoing updates, upgrades, configuration changes and administration of distributed deployments through a centralized web-based interface. They can be deployed as software or on an appliance.”

Resource:

http://www8.hp.com/us/en/software-solutions/software.html?compURI=1340541#.UV9dVDct2ls

 

Reviews for Asian Dating Sites


Here is a review of some of the dating sites popular in the Philippines and other Asian countries. Although dating and romance is like its own industry, there are also some legit people there looking for real love.


1. Filipinocupid.com – This is the most popular dating site to find a filipina. Unfortunately it is also where most active date scammers hang out.

2. Cebuanas.com – Men and the filipinas, specifically cebuanas, are more serious on this dating site about finding their partner rather than just playing around and scamming.

3. Tagged.com – This is not a dating site but a social networking site to interact with people around the world, although most men and women are bad and nasty, posting inappropriate pictures. Mostly, people that go to the site are into flirting or sex only, or plainly finding someone to talk to when they are bored.

4. Dateinasia.com – This dating site is all about playing around. Nothing serious is going on with searching for a partner here. Most people are into scamming and fooling each other or plainly flirting and sex. There is a 90% chance that it will be impossible to find the right partner you are seeking.

5. Cherryblossoms.com – Guys pay to get into the site and to email the filipina women. So it is more serious here because there's no communication without the payment. But still, it is up to the opposite sex whether they are going to be compatible with each other to proceed to a real relationship.

6. Jref.com – This dating site is all about Japan. It tackles the Japanese language, culture, history and travel. Nevertheless, some of the Filipinas have used the site for romance scams on Japanese guys, using fake pictures of hot girls to get money, laptops and other kinds of gadgets from them.

7. thailovelinks.com is a thai dating site of thai women searching for love on the other side of the world.

8. thaikisses.com is also another popular site for finding a thai love. Thai people are very respectful and kind.

9. asiankisses.de is another dating site with beautiful women coming from different Asian countries.

10. vietnamcupid.com is the dating site that caters to guys who are in search of love, relationship and marriage with Vietnamese beauties.

There are several popular websites for finding your Asian love online. So, good luck! I wish you find your other half.

Top 8 Reasons Why Filipina Scam Online


If you are involved in the online dating scene and considering trying to court a filipina girl friend then you should read this before you proceed.

With their beauty and sweet loving nature, it's clear to see why so many westerners (Europeans, Australians, Canadians etc) would pursue a filipina.

But there is a HUGE dark side to the Filipino dating sites. The Filipino dating sites are infested with gold diggers and scammers. While all dating sites have them, Filipino/foreigner dating sites have A LOT more than average. Here are the top 8 reasons why filipinas scam foreign guys:


courtesy of 419-eater

1.  Materialistic

It's the little things that brighten a lady's day: a new purse, new sandals, a good lunch. Once they have a taste of regularly getting nice things, it's hard to stop. It's easier to find a western bf online who will give money than it is to get cash from anywhere else. So sometimes they scam a guy online JUST for getting their hair and nails done, or a nice dress or for some piece of jewelry.

2. Family/Parents/Relatives

Most of the filipino families don't discourage daughters from getting money online. In fact, they may even encourage them to get more from scamming. Much of the money that comes from scams goes to the family's basic needs such as food, electric and other bills that are supposed to be responsibilities of the parents to take care of.

Note: Yes, bills are commonly the alibi that filipinas use in scamming guys to ask them for money, or it can be emergency needs such as a death in the family, hospitalization bills or a typhoon that caused damage to their houses.

Here is a video of a pinay scammer acting and fake crying while chatting. Lol.

https://www.youtube.com/watch?v=_mzSV1yHUQk

3. Poverty

The first thing you may notice if you actually go to the Philippines is that it's overcrowded and very poor. There are few jobs and too many people. The utilities and bills are much higher than the average Filipino can afford. Due to so much corruption within the government it seems like the poverty will be permanent. Poverty is one of the main reasons for the amount of scammers.

4. Children

What greater reason to scam than to get money for milk for kids? If your child had nothing to eat, do you think you would do whatever it takes to feed them? While it's nice to help kids, a dating site is not the right place to do it. How can you tell who has legitimate problems and who is lying? You cannot. Especially not online.

5. Pleasure

Some of the filipinas find it a pleasure, a joy, to be able to scam guys and get big amounts of money with very little effort, lying until it finally becomes a habit. A habit which they cannot stop unless there are no more pitiful guys that they can fool. For them, it becomes a boost to the ego to trick guys. It's exciting to meet new people and scam them.

6. Education

College girls need money for their school fees, tuition and books. Since they hear a lot of stories of what other women are doing, they are inspired to do the same since it is easy. What else can be a better way to get money than to scam!?

7. Filipino Boyfriends

Most filipinas doing romance scams on the dating sites HAVE a filipino boyfriend. They use the money from the scam to feed their boyfriends, go shopping, clubbing with friends or outing. The sad thing is the guy online getting scammed thinks that he is the only one but in reality, there's another man getting pimping in background.

8. Influence

Generally, most of the people in the Philippines do not find it an offensive act to scam guys online for money. When girls talk about it, instead of disappointment, they are amazed that filipinas get so much money out of it and so they spread the word and inspire other women to do it.

It's unfortunate that because there are so many filipina scammers, filipinas have a growing reputation in the west as being all about money and scamming. It's now MUCH harder for overseas Filipino workers to get visas to work abroad because they are questioned on their intentions of leaving the Philippines. It affects the GOOD filipina fiance who falls in love with a westerner because the family of the westerner will question her legitimacy.

Of course, it's not ALL filipinas that are scamming on dating sites, but it's definitely many. And it's hard to identify who is real and who's fake. Some of the filipinas you will talk to are more focused on money, most are just lying scammers, and very few are interested in an actual relationship that is not about money, but knowing each other deeper.

At least half of the population of these women are already in a relationship with a filipino boyfriend or another foreign guy. And still others have recently broken up with a filipino boyfriend but still have attachment to him. Also, many are not even women but men that pretend to be women.

DO NOT give out money on dating sites. If these people want money they should go to a charity site. Sometimes filipino/foreign dating sites are more like a corner with beggars than a place to find love.

If you are serious about finding love or a wife, FILIPINAS make the BEST wives. They have many good qualities that a man wants. But finding the right one for you takes a long time with luck just like any other dating site.

FABRO MORGAN **SCAM**

*SCAM EMAIL* Currently in circulation

FROM MR FABRO MORGAN
THE CHIEF ACCOUNTANT,
FIRST NATIONAL BANK OF SOUTH AFRICA (FNB)
PRETORIA SOUTH AFRICA
Email:fabromorganblumail.org
ATTENTION: GOOD FRIEND,

I am Mr. Fabro Morgan, the chief accountant of First National Bank of South Africa (FNB) a division of FirstRand Bank limited South Africa I am making this contact with you based on the
need for an individual/company who is willing to assist me with a solution to a money transfer. First and foremost, I apologized using this medium to reach you for a transaction/business of this magnitude, but this is due to Confidentiality and prompt access reposed on this medium.
In unfolding this proposal, I want to count on you, as a respected and honest person to handle this transaction with sincerity, trust and confidentiality. I have decided to seek a confidential co-operation with you in the execution of the deal described hereunder for the benefit of all parties and hope you will keep it as a top secret because of the nature of this transaction.
There is an account opened in this bank in 1997 and till 2003 nobody has operated on this account again after going through some old files in the records, I discovered that if I do not
remit this money out urgently it would be forfeited for nothing. This deposit was for 5 years and upon maturity I made effort to contact my client, l could not reach him. I was forced to travel to Germany and there I got the tragic news that, my client Mr. Andreas Schranner, his wife Maria, their daughter Andrea Eich, his son in law Christian, and their children Maximilian and
Katharina, all perished on the Monday, 31 July, 2000 plane crash in western German city of Moenchengladbach. No other person knows this account or anything concerning it, the
account has no other beneficiary and my investigation proved to me as well that his company does not know anything about this account and the money involved is USD$25,000,000.00
(Twenty Five Million United Dollars Only).
View the web site bellow for more information on our late client.
http://news.bbc.co.uk/1/hi/world/europe/859479.stm
I want us to first transfer USD$10 Million from this money into your safe overseas account before the rest and this is to avoid any breach of law to both Countries. I am seeking your
assistance as a foreigner, since as civil servant I am not allowed to operate foreign accounts. Should you be willing to assist in this transaction your share as compensation will be USD$10,
000,000.00 (40%), while I will receive USD$15, 000.000.00 (60%).
The business is completely safe and secure, provided you treat it with utmost confidentiality. It does not matter also your area of specialization is not a hindrance to the successful execution of this transaction. I have reposed confidence in you and hope that you will not disappoint me. And this is 100% risk free. Kindly notify me by sending your secured mobile phone and fax numbers for further details upon your acceptance of this proposal.
Thank you in anticipation of your co-operation.
Regards,

MR.FABRO MORGAN
THE CHIEF ACCOUNTANT,
FIRST NATIONAL BANK OF SOUTH AFRICA (FNB)

Maria Bongi Ntuli **SCAM**

***SCAM*** This is a common scam email in circulation

From: Mrs. Maria Bongi Ntuli

Deputy Minister, Social Development

Rep. of South Africa.

Email: maria_nbongi@minister.com <—This is not her real email

 

My Dearest in Christ,

 

My name is Mrs. Maria Bongi Ntuli currently the Deputy Minister of Social Development, Rep. of South Africa and has served in many capacities towards nation building.

 

You can view my profile at www.gov.za by clicking on government leaders, click on deputy ministers and locate Social development and read about me. I am married to late Mr. Zuma Ntuli and the marriage lasted for 25years with only a child before he died of an illness that lasted only for 6weeks but when he was alive we deposited the sum of USD30.5 million in a financial institution here in my country which was emanated as a result of an over invoiced contract he did with my former ministry. Though I assisted him in securing the contract but never knew he over inflated the contract and the government we are in under Comrade Jacob Zuma came up with a policy to review contracts awarded years ago and he is poised to confiscating funds with irregular tender, hence my contacting you.

 

Recently, my doctor told me that I will not last up to 6months because of my diagnosis of cancer and my most pressing problem is the stroke which I am managing before this new medical case. Having known my condition I decided to donate this fund to a church or better still, a Christian individual that will utilize this money the way I am going to instruct here in.

I want a person or church that will use this fund to churches, orphanages, research centers and widows propagating the word of God and to ensure that the house of God is maintained.

However, I and my late husband decided to use some of the money to work for God and live some for our son to have a better life but our son is just 15years old now having low maturity hence the reason for taking this bold decision and will like you to understand that my contact to you is by a divine direction; As soon as I receive your reply I shall give you the contact of the Finance/bank and will also issue you a letter of authority that will empower you as the new beneficiary of this fund.

 

Please contact me immediately you receive this email so that I will instruct the finance/bank to proceed in transferring the fund into your account immediately while I am still alive. PLEASE DO NOT CALL MY OFFICE LINE BECAUSE OF THE CONFIDENTIALITY OF THIS MONEY! I WILL GIVE YOU MY PRIVATE DIRECT LINE ON YOUR RESPONSE TO THIS EMAIL.

 

Yours faithfully,

Mrs. Maria Bongi Ntuli

Deputy Minister, Social Development

Rep. of South Africa.

Email: maria_nbongi@minister.com

ArcSight Roles

A SIEM is a tool that allows an organization to have a watchful eye on its territory.
ArcSight is such a robust system that the organization must have many hands adjusting the lenses and apertures of this monitoring device.
The organization assigns roles to manage this system:

ArcSight Administrator. This role is sometimes known as ArcSight Integrator, ArcSight Architect, or ArcSight Engineer. This role will include installation and operational maintenance of the ArcSight system. They will need to be multi-disciplined and a bit of a quick study because they must know networking, security, server, and database fundamentals. They will almost definitely need to be comfortable in multiple operating systems. They will have to install ESMs, connectors, loggers and other ArcSight products. They may also need to model the network, develop system resources as well as reports and KB articles as an ArcSight author.

ArcSight Analyst. This role is a discipline within ArcSight. Other names include Content Developer, ArcSight Security Analyst, ArcSight Operator. They are responsible for monitoring events and investigating with correlation and research. They also may conduct incident handling, which is a good reason to have skills in SANS GCIH, the GIAC Certified Incident Handler (www.giac.org/certification/certified-incident-handler-gcih). The Analyst will be familiar with the ArcSight Console's active channels, report/query generating tools and notifications.
www.sans.org/reading_room/whitepapers/incident/

Security Manager. Also known as the customer or the business user, they are the management that runs the security operations. They should be responsible for generating a use case for ArcSight.

ArcSight Consultant. This is a very broad term because the consultant can do either Analyst or Administration. Consultant work is really based on the needs of the security manager. Also, the consultant can be an independent contractor or an employee.

Shipping Scam

It's been called a “courier scam” or a “shipping scam”. The tactics are the same. The scammer asks you to cover the cost of a shipment in exchange for a valuable package containing some sort of riches or business opportunity. But what happens is that you hand over your money and you get nothing but a request for more money. They typically just keep asking for money for nothing in return until you stop. And if you finally demand that you get something in return, that is when they ignore you.

From experience and reader notifications I have observed the behavior of this kind of scam.

There are a few common elements of shipping scams:


– Lies of Legitimacy: Using a fraudulent or non-existent company, the scam artist attempts to gain trust so the victim will be willing to give money without hesitation. They will claim to be a legit courier company complete with payment processors or an international shipping company or even royalty (a prince lol). They will often use names of real people or organizations. Another trick they like to do is to use a name that is very close to a real name so that if you search their company on the Internet, the first result is a legitimate company or one that used to exist.

For example:

Here is a fake and/or defunct company name:

Global Link Logistics and Delivery Company (GLLDC) Website: gloldc.com (site is inactive)


 

The names that these courier scammers use are very similar to those of legitimate companies. But the way to distinguish them is to watch for unprofessional behavior, poor logic and grammar skills, and Same Content on Different Sites.

– Same Content / Different Site: It may look like a legit shipping/courier site. You may even be able to put in the tracking number they gave you. But if you look closely you will see something CRAZY:


gloldc.com (Global Link Logistics and Delivery Company) ad copy:

As a reliable logistic service provider, we help customers to deliver their items from their door step to receiver’s door step. Customer will never need to worry about the taxes, documentation, transhipment, forklift, etc.


gloloss.com (Global Logistics and Security) ad copy:

As a reliable logistic service provider, we help customers to deliver their items from their door step to receiver’s door step. Customer will never need to worry about the taxes, documentation, transhipment, forklift, etc.


qrcss.com (Quick Reliable Courier Service) ad copy:

As a reliable logistic service provider, we help customers to deliver their items from their door step to receiver’s door step. Customer will never need to worry about the taxes, documentation, transhipment, forklift, etc.

HMMMMM.. there is something soooo familiar about these sites… I CAN NOT PUT MY FINGER ON IT. FORGET IT.. I WILL TRUST THEM ANYWAY. I WILL SEND THEM $500 cash.. that should cover the cost of my $4.4 million dollar check and gold necklaces.

You can find many sites like this by going to the scammer's site, copying some of the text of their site and pasting it into Google:

Try this

“Customer will never need to worry about the taxes, documentation, transhipment, forklift, etc.”
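The same check can be automated when you have the text of several suspect sites. The following is an added example, not part of the original post: it breaks each page's ad copy into overlapping four-word shingles, scores pairs by Jaccard similarity and groups sites that share copy. The three domains and their ad copy are the ones quoted above; `copycat.example` and `courier.example` and their text are constructed for illustration, and the 0.6 threshold is an assumption.

```python
import re
from itertools import combinations

AD_COPY = ("As a reliable logistic service provider, we help customers to "
           "deliver their items from their door step to receiver's door step. "
           "Customer will never need to worry about the taxes, documentation, "
           "transhipment, forklift, etc.")

PAGES = {
    # Ad copy quoted in the post for these three sites.
    "gloldc.com": AD_COPY,
    "gloloss.com": AD_COPY,
    "qrcss.com": AD_COPY,
    # Constructed: same copy with one sentence appended.
    "copycat.example": AD_COPY + " Contact our agents today.",
    # Constructed: unrelated courier text.
    "courier.example": ("We ship parcels across Europe with tracked delivery "
                        "and customs paperwork handled by licensed brokers."),
}


def shingles(text, k=4):
    """Return the set of overlapping k-word sequences, case and punctuation removed."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    if len(words) < k:
        return {" ".join(words)} if words else set()
    return {" ".join(words[i:i + k]) for i in range(len(words) - k + 1)}


def jaccard(a, b):
    """Shared shingles divided by all shingles; 1.0 means identical copy."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def cluster_by_copy(pages, threshold=0.6, k=4):
    """Group domains whose text overlaps at or above the threshold."""
    sigs = {domain: shingles(text, k) for domain, text in pages.items()}
    parent = {domain: domain for domain in pages}

    def find(d):
        # Union-find root lookup with path halving.
        while parent[d] != d:
            parent[d] = parent[parent[d]]
            d = parent[d]
        return d

    for a, b in combinations(pages, 2):
        if jaccard(sigs[a], sigs[b]) >= threshold:
            parent[find(a)] = find(b)

    groups = {}
    for domain in pages:
        groups.setdefault(find(domain), []).append(domain)
    # Only groups of two or more sites indicate reused copy.
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    for group in cluster_by_copy(PAGES):
        print("shared ad copy:", ", ".join(group))
```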

– Fake Forms: They will send realistic looking forms that look like it's the start of a real transaction. The fake form will include website, contact info, logos and letterhead:


The “TRUST ME” technique: After setting up a relationship of trust, the next step is to get your money. They will flirt, cater to your ego, offer amazing things, offer to make sweet love to you, offer you a million pounds if you pay the tiny $800 shipping fee… anything to get you interested and earn your trust.

From an actual email:

———- Forwarded message ———-

From: GLOBAL LINK LOGISTICS <info@gloldc.com>

Date: Wed, Apr 3, 2013 at 12:30 AM

Subject: PARCEL 5998000000

To: XXXX@gmail.com

This is to notify you that your parcel already arrive in China which is
the last destination before it will reach ur home address in USA.it is a
company policy that u must pay the Local handling charges in order to
process the documents needed for International Delivery.

The charges is 850 US DOLLAR kindly let us know how you prefer to send the
money by BANK Transfer it takes 3 to 4 working days before can clear and
proceed on delivery but if u prefer to send it by any money transfer that
is the easiest way which only takes couple of hours and the delivery will
proceed immediately.Thank you and we will be waiting for your reply.

 

Fake Profiles: If they are listed on a social media site then you will see a fake profile of them. They will have a fake picture and a fake name. Sometimes it's a mixture of ID theft as they will grab some poor guy's real picture then repost it as themselves with the name of some other poor guy. The very stupid scammers will use the picture of a model or actor that is already all over the Internet.

You can verify if the picture has been reused by downloading the picture to your system then drag and drop the image into Google images.. and find all the times that same picture has been used.

Not Educated or Professional: One of the most common items with these types of scams is that the scammer usually speaks and/or writes with errors you would not see in an adult with even a little bit of English/professional experience.

In conclusion, I will just say this. These shipping scammers (courier scammers.. whatever you want to call them) do have a business. But they are in the business of taking your money for nothing. They are in the business of cheating and lying and conning people out of their hard earned money. It's difficult to accept but that is the kind of world we live in. There are many people that have no remorse, no empathy, no respect and their only skill is to steal. The only thing that will stop them is if people stop giving them money.. then they will have to find a job or do real work… with any luck they will have THEIR hard earned money stolen so they will know the feeling.

 

 

 

 

ArcSight n00b Part2: Skillset Prereq


So you want to get into ArcSight, but don't know what skills you should have to even start? At an organization I worked for we had a hard time hiring ArcSight Engineers/Administrators. There are not many people with actual ArcSight experience beyond use of the client side console. So we started looking for individuals that might be able to learn the system quickly. Based on some of the people we hired, here are some prerequisites that might help you to start in ArcSight:

Linux/Unix – Although ArcSight ESM/Database works on Windows, the Linux/Unix systems have a serious learning curve. You need to have a strong grasp of the basics if your ArcSight ESM or Database is on a Linux/Unix OS. Basic commands to traverse a directory, copying, pasting, finding and manipulating data, and user and group manipulation on the command line are a necessity. All of this is more transparent on a Windows system, but in a Linux/Unix environment it's best to have some experience. Some scripting experience is helpful but not absolutely necessary. I would say the level of knowledge is CompTIA Linux+ if the system is on a Linux OS. The more comfortable you are with Linux the better.

HP ArcSight 5.2 Operates on these operating systems:

– Microsoft Windows Server 2003 R2 (SP2) 32-bit
– Microsoft Windows Server 2003 R2 (SP2) 64-bit
– Microsoft Windows Server 2008 R2 SP2 64-bit
– Red Hat Enterprise Linux 5 (RHEL 5.7) 32-bit
– Red Hat Enterprise Linux 5 (RHEL 5.7) 64-bit
– Red Hat Enterprise Linux 6.1 64-bit
– SUSE Linux 11 Enterprise Server 64-bit
– IBM AIX 5L, Version 5.3 (5.3.0.70) 64-bit
– IBM AIX 6L, 6.1 64-bit

Oracle DBA – HP ArcSight ESM 6.x has moved to a database called CORR. But most current (circa 2013) ESM/DB implementations will have an Oracle back end. This is sure to change within about 3 years as more people go to CORR. I would say low-level Oracle DBA skills are very necessary. Once you start installing and understanding ArcSight you see that it's just a database with a complex user interface that allows intricate manipulation of how the data is viewed.. it's SQL with a fancy user interface. As an ArcSight Engineer, you will have to face Oracle at some point. Be ready! Skills necessary are starting and stopping the database, doing simple SQL commands, understanding how Oracle works with ArcSight's ESM front end, basic troubleshooting and managing database user accounts. If you have a DBA on staff that is great, but you will still need to know some basics.

More info on CORR:

HP ArcSight's Correlation Optimized Retention and Retrieval (CORR) Engine is a breakthrough technology that delivers orders of magnitude improvement in log correlation and storage, helping security administrators thwart the complex threats they face today.

–HP ArcSight Express

Security Analyst – ArcSight has two separate tracks / bodies of knowledge: HP ArcSight Security Analyst & HP ArcSight Administrator/Engineer. These two bodies of knowledge do have some crossover, but each goes very deep into its own dimensions. For example, an HP ArcSight Security Analyst does not need to know anything about Oracle installation and troubleshooting to be a great analyst, and the HP ArcSight Engineer does not need to know how to analyze a TCP/IP packet using a protocol analyzer.

A security analyst will be familiar with many tools of their trade: packet sniffers, network scanners, IDS/IPS (host and/or network based) and they should have a strong understanding of how networks and TCP/IP work. The ArcSight Security Analyst should know how to look at a TCP/IP packet and figure out the source/destination and potential nature of a packet in the context of a given network. They should be able to use the ArcSight Console, create reports and active channels, and use the ArcSight Logger. A huge benefit would be to know how to create ArcSight content (aka rules). For some sort of baseline of knowledge: CEH, CISSP, GCIA.

Other skills might include:

Networking / Security – Since ArcSight is collecting security logs over a network, both computer security skills and skills in networking are helpful. More specifically, having experience with hardening workstations and/or servers, understanding why security policies are important to organizations and hands-on experience with system security in a medium to large operational environment will give a good exposure to security. Knowledge base level might be somewhere between a Security+ and a CISSP. As for networking, the basics are needed for an ArcSight Engineer/Administrator because you must integrate ArcSight into a local area network. So you need to understand basic IP addressing, how to use tools for troubleshooting connectivity, IP subnetting, and how TCP/IP works. So you don't need to be a CCNA or even a CCENT because you are not configuring switches and routers, but something like the skillset of CompTIA Network+ would do.

Storage – Surprisingly enough, knowledge of storage might come in handy, because in a large environment where lots of data are collected in a database your organization will likely use a storage device of some sort. ArcSight works better with certain storage devices. This is important information for an ArcSight Engineer because storage can directly affect the performance that the customer sees.

These are just some of the prerequisites that I have found helpful, but of course nothing beats actual ArcSight Engineering/Admin/Analyst experience when looking for an ArcSight professional, and this is good to keep in mind as you dig deeper into ArcSight. The “unicorn” ArcSight candidate is the one that has worked for the company, (HP) ArcSight.

 

ArcSight n00b (Part 1)


ArcSight for dummies.. is an oxymoron because you cannot do ArcSight and be a dummy. The system is overly complex with too many moving parts.

In a world of intuitive interfaces and user friendly complex systems ArcSight is “rocket surgery”.

The best I can do after 2 years with this log collecting, correlation beast is to tell what I have learned from my attempts at figuring it out.

 

What the HELL is ArcSight?

ArcSight is a security information & event manager (SIEM). It collects security event logs from critical servers, internetworking devices, proxies, firewalls and other core network systems. So systems like DNS servers, host based intrusion protection systems, intrusion detection systems and DHCP servers. Usually, these logs are monitored by a security analyst. You find SIEMs at medium to large organizations that have a lot to lose. That is to say, they have assets of great value: data, services, information systems. Since they must be online to conduct business, they may have a high exposure to the Internet and are under regular probing and or attack by numerous “threatsources” (attackers, malware, competitors).

ArcSight was bought by HP in 2010. I am told by former ArcSight employees that this affected the quality of ArcSight. But that is before my time. The product seems great (aside from minor grievances <cough> Challenge Response Code <cough>) and the employees are very smart and very skilled. HP seems to have kept much of the special sauce that makes ArcSight the top SIEM.

What Are the Components that Make up ArcSight?

Great question!  The main components of ArcSight (HP ArcSight..) are the following:

ArcSight ESM – ArcSight Event Security Manager is software for monitoring security events. It allows a real-time view of security events, can take security incidents that may be related to a larger attack and alert the analyst (correlation), and allows historical views of trends on a given network.

ArcSight Logger – Logger is a log management solution that is designed for high event throughput and long-term storage for rapid data analysis. It allows the security analyst to type in an IP address, for example, and see how many times that system was attacked or accessed and with what type of packet.

Connectors – There are a few types of connectors but the main ones are the ConnectorAppliance and SmartConnector. A SmartConnector is software that collects event data from the network device and sends it to an ESM or Logger. The ConnectorAppliance is a hardware solution that allows the management of many SmartConnectors.


So if you are new to ArcSight where do you start:

It really helps to have a background in information assurance/security analysis, networking, Linux and databases. The learning curve seems to be having some comfort with all of these things. Usually, IT professionals are very deep in one area and weak in most others. If you are a true Jack of all trades, then you will like the challenge of ArcSight. If you don't have any experience with these things, there are some other recommendations for ArcSight n00bs:

– ArcSight Certifications

– ArcSight Resources

 

 

Ref:

SmartConnector Users Guide (2009), Connector Appliance Admin Guide v4.6 (2008), Logger QuickStart v5.2 (2011), ESM v5.2 101, Concepts for ArcSight ESM v5.2 (2012).