Is there a user session timeout setting for the ArcSight console/manager?
There is a default session timeout for console login, which I believe is about 15 mins. However, you must be careful when using some of these properties.
To control this, find or add the below property into the manager's 'server.properties'. Default value is 900s.
Hope it helps.
This property is only for "service" type logins; "console" type logins aren't "timeoutable" as far as I know. If they are, I'd like to know how! Even a max duration would be nice to have!
I am currently facing the same problem. PCI DSS requirement 8.5.15 demands a 15 minute session timeout:
If a session has been idle for more than 15 minutes, require the user to re-authenticate to re-activate the terminal or session.
There is also a reference "session timeout" for the ArcSight console in the index of the ArcSight ESM Admin Guide. However, it refers to the same page as the session timeout for ArcSight Web connections (page 68 in the 6.0c version). There indeed seems to be no way to have a console connection time out.
Has anyone gotten ArcSight ESM past a PCI DSS evaluation? Are there recommended compensating controls?
Unfortunately this does not work in a "shared" environment. The console runs on a dedicated Windows system, where several users can have access via RDP. Thus if user A forgets to properly log out/close the app, user B could take over the session.