Hello Gurus, I am a newbie to ArcSight.
I have a small dilemma regarding ArcSight Zones. In my company's ArcSight enterprise environment, we have some departments that have similar IP address ranges, which is a problem for SOC analyst folks, in that they sometimes can't distinguish event sources.
My question is, if you define, for example, your engineering department in your company as in ArcSight, but in that engineering department you have sub-departments (like the QA dept, for example) that have their own separate VLAN and IP address ranges, what are the best practices for identifying those small separate departments within the Engineering zone in ArcSight?
Anybody run into similar problems before?