HPE Protect 2016 SOC Prime session


Practical research on SIEM health check, ArcSight monitoring, operations and daily administration tasks through the prism of Data Science. Andrii Bezverkhyi shares insights from the SOC Prime team on how to apply the principles of Predictive Maintenance to ArcSight ESM and ADP.

In 2016 SOC Prime followed the tradition of presenting at HPE Protect in Washington D.C., and this time we covered the entire research behind Predictive Maintenance for SIEM operations, specifically for the ArcSight platform. The session covers the basics of ArcSight self-monitoring and administration, then goes on to advanced topics beyond a SIEM health check, such as real-time tracking of Data Acquisition, Data Quality, Security and Performance. The research highlights the importance of measuring all data-relevant metrics in a continuous, real-time process and connecting them with knowledge and remediation advisory. The agenda includes data collection via ArcSight connectors and ADP, data parsing, categorization, asset modeling, timeliness measurement, device and use case monitoring, and reporting.