Open Source

We are trying to add some open source products to our SIEM tool. My boss wants time estimates on installation and integration with the SIEM tool. I have never installed any of these tools. If you have any other suggestions or comments thanks in advance. It would be nice to know if it helped populate the network model since this is our end goal.

  • Nmap
  • Nessus
  • OpenVAS
  • Snort
  • OSSEC
  • Microsoft Baseline Security Analyzer

Thanks,

David

I'd recommend checking out the presentation by myself and Robert McGinley from Protect '11 - https://protect724.arcsight.com/docs/DOC-1907. I integrated nmap, snort, nessus, and ossec into a previous implementation.

Thanks Chris

I have already watched it; really good information. I really need time estimates.

Thanks,

David

Unfortunately there is no way of producing a time estimate, as there are too many variables - e.g., amount of data, number of hosts, number of subnets, completeness of zone creation, configuration of network devices, etc. Based on these, the time could range from a week to a month. Given that you said you've never installed them before, there will be a learning curve as well, which will add to the amount of time.

Thanks Chris

I have some very specific questions on Nmap and populating the network model. I loaded our network model already (1 year ago), but it is now out of date and needs to be updated. I hope someone can answer the following questions for me:

  1. Has Nmap worked for other companies? Or what products have worked for them to auto-populate the network model?
  2. What does ArcSight recommend as a method of continuing to update the network model?
  3. How can I mitigate the risks of Nmap, based on the experience of others?
  4. Produce a fact-based estimate of effort to install Nmap (facts from others' experience).
  5. How does the SmartConnector/import work? Do we need to delete our network model and re-import? Will the SmartConnector do the job, or do we need to export a CSV (etc.) from Nmap and import the file into ArcSight?

Thanks in advance,

David

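The last post asks whether Nmap results have to be exported to a file and imported, and whether the existing network model must be deleted and re-imported. The thread never answers that, and the page does not give ArcSight's asset-import file format, so the following is an added example (not code from any poster, nor from ArcSight or the Nmap project). It takes the XML that `nmap -oX` writes, keeps only hosts that answered, and turns them into flat asset records plus a CSV with assumed column names (`ip`, `mac`, `hostname`, `os`, `open_ports`); you would map those columns onto whatever your import tool expects. It also computes the delta against a previously loaded set of addresses, which is the piece you need if you want to update an out-of-date model incrementally instead of wiping and re-importing it. The scan document embedded below is constructed for the example.

```python
import csv
import io
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Set, Tuple

# Constructed sample of the format produced by `nmap -sS -O -oX scan.xml`.
# One host is up with an OS guess and two open ports, one host is down
# (must be skipped), and one host is up with no hostname or OS data.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -O -oX scan.xml 10.0.0.0/29" start="1300000000">
<host><status state="up" reason="arp-response"/>
<address addr="10.0.0.1" addrtype="ipv4"/>
<address addr="00:11:22:33:44:55" addrtype="mac" vendor="Cisco"/>
<hostnames><hostname name="gw.example.test" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
<port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
</ports>
<os><osmatch name="Cisco IOS 12.X" accuracy="95"/></os>
</host>
<host><status state="down" reason="no-response"/><address addr="10.0.0.2" addrtype="ipv4"/></host>
<host><status state="up" reason="syn-ack"/><address addr="10.0.0.3" addrtype="ipv4"/><hostnames/>
<ports><port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port></ports>
</host>
</nmaprun>
"""


@dataclass
class Asset:
    """One discovered host, flattened for an asset/network-model import."""
    ip: str
    mac: str
    hostname: str
    os_guess: str
    open_ports: List[str]  # e.g. ["tcp/22", "tcp/443"]


def parse_nmap_xml(xml_text: str) -> List[Asset]:
    """Extract live hosts from nmap -oX output.

    Only hosts whose <status state="up"> is set and that carry an IPv4
    address are returned; down hosts would otherwise pollute the model
    with addresses that merely exist in the scanned range.
    Note: ElementTree is fine for scan files you produced yourself; for
    XML from untrusted sources prefer defusedxml.
    """
    root = ET.fromstring(xml_text)
    assets: List[Asset] = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        ip = mac = ""
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                ip = addr.get("addr", "")
            elif addr.get("addrtype") == "mac":
                mac = addr.get("addr", "")
        if not ip:
            continue
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name", "") if hn is not None else ""
        osm = host.find("os/osmatch")  # first (highest-accuracy) match
        os_guess = osm.get("name", "") if osm is not None else ""
        ports = [
            f"{p.get('protocol')}/{p.get('portid')}"
            for p in host.findall("ports/port")
            if p.find("state") is not None and p.find("state").get("state") == "open"
        ]
        assets.append(Asset(ip, mac, hostname, os_guess, ports))
    return assets


def assets_to_csv(assets: List[Asset]) -> str:
    """Render assets as CSV. Column names are an assumption for this
    example, not a documented ArcSight import layout."""
    buf = io.StringIO()
    w = csv.writer(buf)
    w.writerow(["ip", "mac", "hostname", "os", "open_ports"])
    for a in assets:
        w.writerow([a.ip, a.mac, a.hostname, a.os_guess, ";".join(a.open_ports)])
    return buf.getvalue()


def diff_inventory(known_ips: Set[str], assets: List[Asset]) -> Tuple[Set[str], Set[str]]:
    """Compare a fresh scan with the addresses already in the model.
    Returns (new addresses to add, stale addresses to review/retire)."""
    seen = {a.ip for a in assets}
    return seen - known_ips, known_ips - seen


if __name__ == "__main__":
    found = parse_nmap_xml(SAMPLE_NMAP_XML)
    print(assets_to_csv(found))
    # Pretend the model loaded a year ago held 10.0.0.1 and 10.0.0.9.
    print(diff_inventory({"10.0.0.1", "10.0.0.9"}, found))
```

Run it against a real file with `parse_nmap_xml(open("scan.xml").read())`. Treat the "stale" set from `diff_inventory` as a review list rather than deleting those assets automatically: a host that is powered off or firewalled during one scan window is not gone, and a single Nmap pass is not authoritative for the whole model.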