foluwa_fmr (Trusted Contributor)

Implementing Privileged User Access capabilities using ArcSight


Hello Protect724,

Can you share the latest information/documentation on implementing Privileged User Access capabilities using ArcSight? What is possible through ArcSight and how can it be deployed?

Best Regards,

Foluwa

0 Likes

Accepted Solutions
pbrettle (Acclaimed Contributor)

Re: Implementing Privileged User Access capabilities using ArcSight


In general, for more advanced use cases, I would recommend looking at UBA to address this.

https://www.hpe.com/h20195/V2/getpdf.aspx/4AA5-8223ENW.pdf

Security Information Event Management (SIEM) & Big Data Analytics | Hewlett Packard Enterprise 


However, in the meantime, while it might seem that I am constantly talking about Activate, it does have a lot of content to directly address this:

https://marketplace.saas.hpe.com/arcsight/content/l1-entity-monitoring

https://marketplace.saas.hpe.com/arcsight/content/l2-entity-monitoring

https://marketplace.saas.hpe.com/arcsight/content/l1-host-monitoring-indicators-and-warnings

https://marketplace.saas.hpe.com/arcsight/content/l2-host-monitoring-situational-awareness 

Why UBA over ESM? Mainly because UBA has the ability to understand the details behind the user - such as mapping to identity and, more importantly, what the access rights are. ESM can't and hasn't had the ability to understand the access rights! UBA has the ability to map this together and understand what rights you have, how that maps to your peer group and who else has (or doesn't have) the same access rights. Then we can build up baselines and compare them - triggering escalating alarms on the unusual and understanding what is usual and what is out of the norm. This is the difference!

Make sense?

0 Likes
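The peer-group comparison and baselining described in the answer above, sketched as an added example (not part of the original post, and not ArcSight or UBA code). All user names, rights, counts and thresholds are constructed assumptions.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed sample data: user -> (peer group, access rights held)
USERS = {
    "alice": ("dba", {"db_read", "db_write", "db_admin"}),
    "bob":   ("dba", {"db_read", "db_write", "db_admin"}),
    "carol": ("dba", {"db_read", "db_write", "db_admin", "domain_admin"}),
    "dave":  ("dba", {"db_read", "db_write"}),
}
# Constructed daily counts of privileged actions (baseline window) and today's count
HISTORY = {"alice": [4, 5, 6, 5, 5], "carol": [3, 4, 3, 4, 3]}
TODAY = {"alice": 6, "carol": 19}

def rare_rights(users, max_share=0.25):
    """Rights a user holds that at most max_share of their peer group holds."""
    groups = {}
    for group, rights in users.values():
        groups.setdefault(group, []).append(rights)
    findings = {}
    for user, (group, rights) in users.items():
        peers = groups[group]
        counts = Counter(r for peer in peers for r in peer)
        odd = {r for r in rights if counts[r] / len(peers) <= max_share}
        if odd:
            findings[user] = odd
    return findings

def deviation(history, today):
    """Z-score of today's activity against the user's own baseline."""
    mu, sigma = mean(history), pstdev(history)
    return (today - mu) / (sigma or 1.0)  # flat baseline: avoid dividing by zero

def alarm_level(user, users=USERS, history=HISTORY, today=TODAY, z_max=3.0):
    """Escalating alarm: 0 = normal, 1 = one signal, 2 = both signals."""
    level = 0
    if user in rare_rights(users):  # rights out of line with the peer group
        level += 1
    if user in history and deviation(history[user], today[user]) > z_max:
        level += 1                  # activity out of line with own baseline
    return level

if __name__ == "__main__":
    for name in USERS:
        print(name, alarm_level(name))
```
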
foluwa_fmr (Trusted Contributor)

Re: Implementing Privileged User Access capabilities using ArcSight


Makes total sense!

Thanks once again Paul.

Cheers!

Foluwa

0 Likes