ArcSight Data Sources

ArcSight ESM can collect output from the logs of 300+ types of sources. The logs are collected by HP ArcSight Connectors, then normalized, categorized, and converted into what is known as Common Event Format (CEF). CEF is an industry standard for log format.

CEF contains information such as IP addresses, host names, date and time stamp, attack name, port number, vendor type, and country of origin.
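To show where those fields sit in a CEF record, here is a minimal parser added as an illustration; it is not code from this post or from ArcSight. It assumes the standard CEF layout (seven pipe-delimited header fields followed by a `key=value` extension), and the sample record, vendor and host names are constructed.

```python
import re

HEADER = ("version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")
# An extension key is a word followed by '=' at the start or after whitespace.
# An escaped '\=' inside a value is preceded by '\', so it never matches.
KEY = re.compile(r"(?<!\S)(\w+)=")
ESCAPES = {"n": "\n", "r": "\r"}

def _split_header(text):
    """Return the 7 header fields and the raw extension, honouring backslash escapes."""
    fields, buf, i = [], [], 0
    while i < len(text) and len(fields) < len(HEADER):
        ch = text[i]
        if ch == "\\" and text[i + 1:i + 2] in ("\\", "|"):
            buf.append(text[i + 1])      # escaped pipe or backslash is literal
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) != len(HEADER):
        raise ValueError("truncated CEF header")
    return fields, text[i:]

def parse_cef(line):
    """Parse one CEF record into a dict of header fields plus an 'extension' dict."""
    start = line.find("CEF:")            # skip any syslog prefix before the record
    if start < 0:
        raise ValueError("not a CEF record")
    fields, ext = _split_header(line[start + 4:])
    event = dict(zip(HEADER, fields))
    keys = list(KEY.finditer(ext))
    extension = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        extension[m.group(1)] = re.sub(
            r"\\(.)", lambda e: ESCAPES.get(e.group(1), e.group(1)), raw)
    event["extension"] = extension
    return event

# Constructed sample record (not from a real device).
SAMPLE = (r"<134>Apr 5 12:00:01 fw01 CEF:0|ExampleVendor|Edge\|FW|1.0|100|"
          r"Port scan detected|7|src=192.0.2.10 spt=40312 dst=198.51.100.7 "
          r"dpt=22 shost=scanner.example.net msg=rule\=deny all; logged")
```

Calling `parse_cef(SAMPLE)` returns the vendor and attack name from the header and the IP addresses, ports and host name from the extension, with the escaped `|` and `=` restored to literal characters.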

ArcSight Data Sources Include (but are not limited to):

– Intrusion Detection and Prevention Systems
– Vulnerability Assessment Tools
– Firewalls
– Anti-virus and Anti-spam Tools
– Encryption tools
– Application Audit Logs and Physical Security Logs

“ArcSight Connectors also manage ongoing updates, upgrades, configuration changes and administration of distributed deployments through a centralized web-based interface. They can be deployed as software or on an appliance.”

 Resource:

http://www8.hp.com/us/en/software-solutions/software.html?compURI=1340541#.UV9dVDct2ls

 
