Hello, I have a newbie question. It may have been asked/answered before and I just didn't see it; if so, I apologize for asking again.
Background: I'm new to ArcSight and just came on board at a company that began implementing it last year. I have been assigned the task of helping to create effective reporting, trending, and analytics using data collected in ArcSight.
Problem: Apparently, from reviewing the implementation documentation and speaking with the person assigned to support ArcSight, they turned on the audit flood gates and started dumping data without identifying the unique event codes and event types specific to each system, app, etc. that is sending data to ArcSight. As you can imagine, we are getting millions of records.
Question: Is there a way to generate a report of every unique event type/code and group them by point of origin? Or do you have a more effective solution/recommendation?