Arcsight Rules, Dashboards & Correlation
We need your support to learn about the following grey areas.
- Reading Incident logs & Event Categorization.
- Complex Queries & Active channel creation.
- Rules & Reporting
- Correlation & Correlation Rule
- Developing ad hoc rules
- Developing Use Cases
- Creating Active list & Session Lists
- Creating Alerts & Notification
- Finding scope for Rule creation from alert.
- Generate Data monitors & Dashboards.
- Asset Modeling
Is any training material, documentation or mentorship available on the above topics?
Re: Arcsight Rules, Dashboards & Correlation
I would encourage you to read the document below:
This is an excellent document that runs through each of these points and explains what they are and what they do. So I would really recommend that you take a look at this. Additionally, not sure what you mean by 'support' - this is a sophisticated area and you can do a lot with each of the points you have raised.
I would point you to some videos that should help:
But I need to update it - there are some more videos here: