My account

Tag: Events

In the previous article, we examined Additional Data fields and how to use them. But what if events do not have needed/required/necessary information even in Additional Data fields? You may always face the situation when events in ArcSight don’t contain all needed information for Analysts. E.g., user ID instead of username, host ID instead of […]

While working with SIEM, eventually you come across a situation where your tool requires to be updated to the latest version, moved to a different data center or migrated to a more productive installation. An integral part of this is the creation of backups and the subsequent transfer of data, configurations or customized content to […]

Event Filtering in IBM QRadar

3,256

While configuring a SIEM tool (including IBM QRadar), administrators often make the wrong decision: “Let’s send all logs to SIEM, and then we’ll figure out what to do with them.” Such actions most often lead to enormous license utilization, huge workload on a SIEM tool, appearance of a cache queue, and sometimes to event loss. […]

Many SIEM users ask a question: How do Splunk and HPE ArcSight SIEM tools differ? ArcSight users are confident that correlation events in ArcSight are a weighty argument in favor in using this SIEM because Splunk does not have the same events. Let’s destroy this myth. Splunk has many options to correlate events. So in […]

Historical Correlation

393

What if I deployed or designed new Use Case and I want to know if my company was exposed to the threat in the past? While working with ArcSight a lot of people are wondering whether there is a way to realize historical correlation. They even have several real life scenarios for this. The first […]