sanu9531 Absent Member.

What is Arcsight ASA



Hi All

Good Morning !!!!

I am getting correlated logs with device vendor ArcSight and device product ASA. Since I am a newbie in ArcSight, can anyone brief me on what ArcSight ASA is and what it is used for?

Regards

SANU


Accepted Solutions
subindbabu Honored Contributor.

Re: What is Arcsight ASA


Hi Sanu,

In your Rule -- Aggregation tab -- Identity column, did you include and Device Product? And can you also tell the Aggregation details as well?

--SUBIN--

--Wipro--

pbrettle Acclaimed Contributor.

Re: What is Arcsight ASA


Subin is correct - a correlation on one or more events will create a new event - called the correlated event. You can then populate fields in that event with either new data or data from the original events (called the base events). This is done through the aggregation tab for the correlation rule that triggered this.

Go to the event that has the incorrect device / product data

Double click it to open the event viewer

In the event viewer panel on the right, look for the line that has the little red lightning symbol

Right mouse click this and select the 'correlation trigger' option

This will open the correlation rule that triggered it, also in the right panel

Click on the aggregation tab and report back what it says.

We will need to check what is in there and then make recommendations to change it. But it is this that is making the incorrect setting of the field.
