ArcSight 6.5: Management console_practical advantages!
ArcSight 6.5: What is the use of the ArcSight Management Console? Is it a separate console, or how do I incorporate it along with the console? Is there any advantage to using the Management Console? How do I use it? Please suggest. Looking forward to knowing the practical information from your experience. Thanks.
Hi Fahima Khan,
The ESM console is more flexible. Here you can create your own filters, rules, dashboards, reports, etc. The ESM console helps in effective investigation of any logs. The GUI feature is good, where you can view the custom logs in graphical format so the analyst gets a better picture. We can set our own active channel and can pull previous logs.
Hi Kiran Vijay!
I agree with you. I used the ESM console and I have no interest in MC, but I want to know details about it, like does it need to be installed separately, and why do people use it? Why did ArcSight invent this? I have gone through the guide but didn't understand its value yet!
Hi Fahima Khan,
The ArcSight Management Console was introduced with ArcSight version 6.x for administrative purposes.
The main reason for its introduction is to ease administrative activities with the introduction of the CORR-Engine, which is the replacement for the Oracle DB used until version 5.x.
Administrative activities include:
1. User and UserGroup Management
2. CORR-Engine Management (online and offline retention management) with Archiving
3. Connector Management
4. Configuration Management
The Management Console is mainly used by administrators and super users for ease of management of ArcSight with version 6.x.
This feature comes with the installation of the 6.x version; there is no need to install it separately. It is GUI based and can be accessed via a browser, like ArcSight Web.
The ArcSight Command Center (ACC) was introduced first with management functionality. However, it has been evolving to ultimately the legacy ArcSight web console. However, there is another important analyst feature that was introduced in which is the ability to perform free-form search. This search capability is similar to the search performed by Logger where you can just enter a value, search for "fahima". I don't have to know where this value would be, whether it is a username or userid field value, I will just perform search across the entire record.
If you have users that were using ArcSight web, then ACC is a nice change because it is much more full featured for the web user. For the analyst, the ability for free-form search is a nice benefit, and I've worked with some analysts that use both the thick client and web interface. For content authors, the thick client is still the only way to go.
Hope this helps.
Hi Tammy, I was exploring that search feature, but I didn't find any information related to DNS or NTP. How do I get this information? And do you know how to ensure the log sources for each connector?