L2-Entity Monitoring - Situational Awareness

This is the official forum for discussing the ArcSight Activate L2-Entity Monitoring - Situational Awareness package, as described in the Activate Wiki

  • I was talking with someone today who was going to have some difficulty using the Terminated User Account use case. Their legal department frowns on such terminology, since it implies that the people were fired, which generally is not the case. Since I assume that the use case is meant for tracking any accounts that should not be doing stuff, how about something like "Inactive Accounts"? This would cover both disabled and deleted accounts. Aside from the legal issue, it would make it clearer to users what the intention of the use case is.

  • Hi all, I wrote a package for Cisco ISE that fits nicely into the Entity Monitoring scheme.  A customer has it in testing right now, I did some testing against the Entity Package and it worked nicely.  You can add it into the list of products that can be monitored by it.  It will be up on Marketplace as soon as I finish the documentation.