This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
sanyamrustagi1
Absent Member.
Absent Member.
‎2017-03-15 10:21
908 views

Use Cases for Proxy Devices such as Ironport , Bluecoat etc

Hello Expertise ,

Could anyone share use cases for Proxy Devices that can be possible with events from Ironport , Bluecoat .

@Paul Brettle , Balahasan V  -  Could you please provide your inputs on the same .

Awaiting your response !!

Thanks ,

Sanyam

Tags (1)
0 Likes
Reply
Report Inappropriate Content
1 Reply
pbrettle
Fleet Admiral
Fleet Admiral
‎2017-03-19 21:22

To be honest, you really need to be looking into Activate to get easy and simple value from ESM. There is a perception that you can just get some content and fix something. But the problem is what is important for one customer is not for another and customers have different configurations and setup's for their systems. A great example is VPN setups - there are so many options, configurations and environments. While it would be great to have a generic package, it would also be pretty limited and usually very little use.

Activate is a way to address this and make it a bit simpler and easier to address. Think of it as a way to have content to address specific log sources and then build up to a wider set of indicators that then feed to a set of alerts and details. You really don't necessarily want to trigger an alert on one set of logs. You really want to have multiple systems combine together to give real and valuable indicators to what is happening.

You need to check things out here:

You can also see some more information about this framework and what you can do with it here:

https://hpe-sec.com/#arcsight_configurator

You need to get the base Activate content to address this:

https://marketplace.saas.hpe.com/arcsight/content/activate-base

But from there, you can use the specific indicator packages here, such as the Blue Coat one:

https://marketplace.saas.hpe.com/arcsight/content/activate-p-blue-coat-proxy

You can find all of the package here:

https://marketplace.saas.hpe.com/arcsight/category/activate-packages?product=All%20products&version=All%20versions&compa…

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.