Highlighted
kgraham Super Contributor.
Super Contributor.
836 views

ArcSight ESM Filtering Active Channels - Web - Expert Day Question

Jump to solution

To start --> Love the over all new interface

This question is based on the Web Interface. 

Active Channels

A function we used is not apparently available.  If they are please point me in the direction so that I can set it up and teach my users.   We could filter via the column in the configured active channel.  Filtering helped us when looking for a particular user, IP, Device, Reason within the configured active channel. 

I understand new active channels can be built or modified via editing the channel.  It is teaching the users to do this that makes it a bit tricky.   The drop downs helped with the education.  There are many of my users that will use the new function and run with it.  There are others that will not due to timing, education and fear of breaking something.

    

There is the option to search via the search page although some managers have asked me to restrict their people to have very limited access.  Their access needs to be easy and quick.  These are first line support agents.

Scenario:

User is locked out of the AD account.

Why?

Typically it is a mobile device with a bad password.

Active channel configured with Failed Logons and Account Lockouts

Fields : name, message and deviceCustomString4, sourceUserName, destinationUserName, sourceMacAddress etc. tell the story.

They used the filtering at the top of the column to find a particular user so that they can tell the user why they are locked out and how to correct the situation.   It is quick and efficient assisting in first call resolution. 

Is this type of filtering available or will it be forthcoming?

Thanks

Kim

Making solutions look easy

Labels (1)
0 Likes
1 Solution

Accepted Solutions
kgraham Super Contributor.
Super Contributor.

Re: ArcSight ESM Filtering Active Channels - Web - Expert Day Question

Jump to solution

Yes it does.  I knew I was missing something. 

Thank you.

View solution in original post

0 Likes
2 Replies
Micro Focus Expert
Micro Focus Expert

Re: ArcSight ESM Filtering Active Channels - Web - Expert Day Question

Jump to solution

Kim,

In your scenario, they can click on the UserName in the channel and either create a channel based on just the user or narrow down the existing channel to just that user. This is the equivalent of the Investigate feature in the regular console. Will this take care of it?

Beirne Konarski

ArcSight Pro Services

0 Likes
kgraham Super Contributor.
Super Contributor.

Re: ArcSight ESM Filtering Active Channels - Web - Expert Day Question

Jump to solution

Yes it does.  I knew I was missing something. 

Thank you.

View solution in original post

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.