There's a ton of info on here, as noted above, if you search for it. Also, YouTube activity has picked up a bit; you can find a lot on there now. Paul Brettle has some good training here: Paul Brettle - YouTube
I talked to the ArcSight Education manager at Protect and gave him an earful; paying a few grand to go over the manual is beyond boneheaded. We need more advanced uses for the product... We have the manual, we read it; perhaps HP can do a little more than cover the manual...
Agree. No doubt ArcSight can do a lot, but the learning curve is steep, and almost all of the time the users are left to fend for themselves. Support is next to useless, sorry.
And some basic functionality is not even in, e.g. use of lookup files in report generation, which other SIEMs such as RSA's old enVision already did out of the box, and it was intuitive.
If this continues, ArcSight will rapidly become irrelevant.
As with ANY enterprise product, education is key, so ensure that you engage the education team.
With that said:
There have been almost 1700 downloads of "ArcSight Logger in 2 Hours" from the Protect724 website.
I authored this document to help individuals walk through a use case from start to finish.
I am aware of several sites that now use it as their initial instruction for new L1 hires to familiarize them with the basic approach to ArcSight content.
Shortly, "ArcSight ESM in 4 Hours" will also hit the street.
I have had several folks ask for it in advance, and they have been reviewing the document. Most edits are complete, and it will publish shortly.
Here is the link to "ArcSight Logger in 2 Hours".
Feedback is always welcome and encouraged.
Strategic Architect ArcSight Americas
Just updated with Logger 6.3 screenshots and minor adjustments for the ADP 2.0 release.
Great, can you also fix the product so it returns data in minutes instead of days...
We would like it to return data in less than 5 minutes, like our data lake does...
Very long times are not the norm for the customers I work with.
Support is of course your primary resource.
But if you could frame up the situation and email me directly at Brian.Wolff@HPE.com, I will be happy to take a quick look at your situation.
Perhaps others can chime in on how long Logger takes to return results... like a simple "show me all traffic to one destination IP over 72 hours" type of query...
Fifty Loggers (well, plus or minus one, as they need to be bounced every other day)... on the latest version in a peered environment...
Thank you for your response.
Can you please provide me with your company name? I would like to be proactive and review your tickets.