Absent Member.

RE: Google Earth ArcSight tool

[QUOTE=John Cahill]Very nice... When you say the bat and vbs need to be hacked, do you mean it just needs to refer to the attacker2target.xml instead of ge_arst.kml? John[/QUOTE]

hacked = modified. The VBS code actually writes out the KML file, so you'll need to change it to reflect two coordinates. Then you'll need to choose which two ArcSight fields are used for the coordinates in your console tool config. KML syntax can be found here: http://code.google.com/apis/kml/documentation/kmlreference.html There are a lot of different ways to connect two points, plus you can choose your zoom distance, tilt etc. The attacker2target.xml is just a syntax example of one possible way to do it.
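The reply above says the VBS has to be changed to write a KML file with two coordinates and that zoom and tilt are free choices. The following is an added example, not the thread's VBS or the attacker2target.xml file: it builds that two-point KML with Python's standard library, with a placemark for each end, a LineString joining them and a LookAt camera for range and tilt. Field names, coordinates and labels are constructed for illustration, and the lat/lon validation reflects the common case where GeoIP fields are empty or 0,0 for private or unresolvable addresses.

```python
"""Build a two-coordinate KML document (attacker -> target).

Added example, not the thread's VBS or attacker2target.xml. Coordinates,
labels and field names below are constructed for illustration.
"""
import xml.etree.ElementTree as ET

KML_NS = "http://www.opengis.net/kml/2.2"
ET.register_namespace("", KML_NS)


def _el(parent, tag, text=None):
    """Append a namespaced KML child element, optionally with text."""
    child = ET.SubElement(parent, "{%s}%s" % (KML_NS, tag))
    if text is not None:
        child.text = str(text)
    return child


def check_coord(lat, lon):
    """Validate a lat/lon pair; GeoIP fields are often empty or 0,0 for private/unknown IPs."""
    lat, lon = float(lat), float(lon)
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        raise ValueError("coordinate out of range: lat=%s lon=%s" % (lat, lon))
    return lat, lon


def build_attack_kml(src_lat, src_lon, dst_lat, dst_lon,
                     src_label="attacker", dst_label="target",
                     tilt=45, range_m=3_000_000):
    """Return KML text with two placemarks and a LineString between them.

    KML writes coordinates as lon,lat,alt (the reverse of the lat/lon order
    of the ArcSight geo fields), so the swap happens here, in one place.
    """
    src_lat, src_lon = check_coord(src_lat, src_lon)
    dst_lat, dst_lon = check_coord(dst_lat, dst_lon)

    kml = ET.Element("{%s}kml" % KML_NS)
    doc = _el(kml, "Document")
    _el(doc, "name", "%s -> %s" % (src_label, dst_label))

    # Camera: centred between the two points, with the tilt/range the reply mentions.
    look = _el(doc, "LookAt")
    _el(look, "longitude", (src_lon + dst_lon) / 2)
    _el(look, "latitude", (src_lat + dst_lat) / 2)
    _el(look, "tilt", tilt)
    _el(look, "range", range_m)

    for label, lat, lon in ((src_label, src_lat, src_lon),
                            (dst_label, dst_lat, dst_lon)):
        pm = _el(doc, "Placemark")
        _el(pm, "name", label)
        _el(_el(pm, "Point"), "coordinates", "%s,%s,0" % (lon, lat))

    # Connecting line; tessellate=1 makes it follow the earth's curvature.
    pm = _el(doc, "Placemark")
    _el(pm, "name", "attack path")
    line = _el(pm, "LineString")
    _el(line, "tessellate", 1)
    _el(line, "coordinates",
        "%s,%s,0 %s,%s,0" % (src_lon, src_lat, dst_lon, dst_lat))

    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(kml, encoding="unicode")


def placemark_coordinates(kml_text):
    """Parse KML text back and return every <coordinates> string in document order."""
    root = ET.fromstring(kml_text)
    return [c.text for c in root.iter("{%s}coordinates" % KML_NS)]


if __name__ == "__main__":
    # Constructed sample: ArcSight-style source/destination geo fields for one event.
    event = {"sourceGeoLatitude": "48.8566", "sourceGeoLongitude": "2.3522",
             "destinationGeoLatitude": "40.7128", "destinationGeoLongitude": "-74.0060"}
    text = build_attack_kml(event["sourceGeoLatitude"], event["sourceGeoLongitude"],
                            event["destinationGeoLatitude"], event["destinationGeoLongitude"],
                            "203.0.113.7 (constructed attacker)",
                            "198.51.100.4 (constructed target)")
    with open("attacker2target.kml", "w", encoding="utf-8") as fh:
        fh.write(text)
```

Opening the written file in Google Earth shows both points and the arc; changing `tilt` and `range_m` adjusts the camera the way the reply describes.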
Absent Member.

Re: Google Earth ArcSight tool

Here's a video showing a demo of the Google Earth ArcSight tool and how you can track the location of each attacker with just a few clicks. Enjoy!

Outstanding Contributor.

Re: Google Earth ArcSight tool

Joe,

I created a Google maps variation on this here: https://protect724.arcsight.com/thread/3854

grds,

Steven

Absent Member.

Re: Google Earth ArcSight tool

Thanks for the vbs... great start... Now we're working to automate this and were wondering if others have done so. For instance, using a rule to fire an event to this, generating a kml... Then I suppose we'll need to start serving a kmz to make this a live feed to Google Earth. Leadership would like to see live events on Google Earth as they occur. Any others have similar requirements or projects?

Absent Member.

Re: Google Earth ArcSight tool

If you are using version 5.0 you can use the Geo map to display real time. We are using it to plot internet traffic in real time. It's pretty cool to map to countries, provided you set up your Network Zones correctly to include your home network.

Also!

Building on the Gmap idea presented before, I tweaked it to be used for source and destination of a viewed event. Below are the integration commands.

Because Google Maps supports satellite (at least that is the view I'm presented with in running the command), it's pretty cool.

This is not my own idea but someone else's that I tweaked using the information I found on the internet and here. You could even change what is displayed by adding more strings, like IP address, protocol, and the like inside the area (source address) or (destination address); an example is shown below. Note: if you expand the URL window and type $ it brings up a menu for me, not sure if it will for you.

Gmap source command

http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=${sourceGeoLatitude}+${sourceGeoLongitude}+(source address)&ie=UTF8&t=h&output=embed

Gmap Destination command

http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=${destinationGeoLatitude}+${destinationGeoLongitude}+(destination Address)&ie=UTF8&t=h&output=embed

Gmap destination with IP tag, LocationInfo (usually city) and geo RegionCode (usually country)

http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=${destinationGeoLatitude}+${destinationGeoLongitude}+(${destinationGeoLocationInfo} ${destinationGeoRegionCode} ${destinationAddress})&ie=UTF8&t=h&output=embed

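The integration commands above are URL templates in which `${field}` tokens are filled from the selected event. The following added example (not ArcSight's own substitution code) does that filling in Python for the third command as posted, so the mechanism can be inspected outside the console. Each value is percent-encoded before insertion, which matters because GeoIP strings such as city names come from data, not from the analyst, and a value containing `&` or `#` would otherwise break out of the `q=` parameter; a missing or empty field raises instead of silently geocoding nothing. The event dict and its values are constructed.

```python
"""Render an ArcSight-style ${field} integration command from event fields.

Added example, not ArcSight's own code. Field names and sample values are
constructed for illustration.
"""
import re
from urllib.parse import quote

TOKEN = re.compile(r"\$\{(\w+)\}")

# The thread's third Gmap command, as posted above.
GMAP_DESTINATION = (
    "http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode="
    "&q=${destinationGeoLatitude}+${destinationGeoLongitude}"
    "+(${destinationGeoLocationInfo} ${destinationGeoRegionCode} ${destinationAddress})"
    "&ie=UTF8&t=h&output=embed"
)


def required_fields(template):
    """Return the distinct ${...} field names a template references, in order of first use."""
    seen = []
    for name in TOKEN.findall(template):
        if name not in seen:
            seen.append(name)
    return seen


def render_command(template, event):
    """Substitute event values into the template, percent-encoding each one.

    Raises KeyError when a referenced field is missing or empty (for example
    an event whose destination is a private address with no GeoIP data),
    rather than producing a URL that geocodes to nothing.
    """
    def replace(match):
        name = match.group(1)
        value = event.get(name)
        if value is None or str(value) == "":
            raise KeyError("event has no value for ${%s}" % name)
        # safe="" encodes everything but unreserved characters, so '&', '#',
        # spaces and '+' inside a value cannot alter the query string.
        return quote(str(value), safe="")
    return TOKEN.sub(replace, template)


if __name__ == "__main__":
    # Constructed sample event: RFC 5737 documentation address, made-up geo data.
    sample = {"destinationGeoLatitude": "37.3382", "destinationGeoLongitude": "-121.8863",
              "destinationGeoLocationInfo": "San Jose", "destinationGeoRegionCode": "US",
              "destinationAddress": "198.51.100.4"}
    print(required_fields(GMAP_DESTINATION))
    print(render_command(GMAP_DESTINATION, sample))
```

`required_fields` is handy for checking a template before wiring it into the console tool: every name it returns must be a field the event actually carries.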
Absent Member.

Re: Google Earth ArcSight tool

Hey guys!
Take a look at this thread:
