Pardon me for bothering you. I am looking at using our current ArcSight ESM Express setup, without having to procure an additional application, to achieve the set attached above, but it looks like steps are missing from some of the ArcSight documentation I have researched and from the one suggested by the HP ArcSight support team (ESM Console User’s Guide ArcSight Express v3.0 Featuring ESM with CORR Engine Storage).
The plan is to achieve these:
- Attack pattern/Geo-location – similar to attached above
- Allowing access to Google Maps for interpreting the attacker IP address, malware location, etc.
- Asset view / Network discovery – similar to above
I would be glad if someone could help from their wealth of experience or point me to appropriate documentation(s) or videos.