This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
shinej
Absent Member.
Absent Member.
‎2015-02-04 10:03
542 views

When is it good to use trends?

Jump to solution

Hi All,

I'm very new to ArcSight, I had pretty confused when its highly recommended to use Trends.

Can anyone please help me regarding this !!!

Regards

SHINEJ

0 Likes
Reply
Report Inappropriate Content
1 Solution

Accepted Solutions
jan.odzgan
Commodore
Commodore
‎2015-02-04 11:14

Jump to solution

Hi Shinej.

Primary Trends is good to use when you need summary information about something for long period (few days, weeks, months). This information are static (you don't have option to add some field, you must create new trend). Most of users call  trends snapshots but it not exactly right. Trends can be snapshots (based on assets, cases and notifications) and interval (summary based on events for defined time) You can create report or another query based on the trend. It is really fast to generate report from trends. Trend is created in specific period (hourly, daily) and it is good to schedule them to time when ArcSight isn't under the heavy load.

Good source of information is ESM 101 (site 95 of current 6.8c).

View solution in original post

0 Likes
Reply
Report Inappropriate Content
3 Replies
janand
Absent Member.
Absent Member.
‎2015-02-04 10:39

Jump to solution

Trends gather event data over time period , which helps identify, any security threats ,worm outbreaks, monitoring the incident life cycle,it can be used to monitor any network devices, operating systems,

asset activity by business role etc..

In an nut shell , its is used to apply the business logic over the

resources based on his historical behavior

0 Likes
Reply
Report Inappropriate Content
jan.odzgan
Commodore
Commodore
‎2015-02-04 11:14

Jump to solution

Hi Shinej.

Primary Trends is good to use when you need summary information about something for long period (few days, weeks, months). This information are static (you don't have option to add some field, you must create new trend). Most of users call  trends snapshots but it not exactly right. Trends can be snapshots (based on assets, cases and notifications) and interval (summary based on events for defined time) You can create report or another query based on the trend. It is really fast to generate report from trends. Trend is created in specific period (hourly, daily) and it is good to schedule them to time when ArcSight isn't under the heavy load.

Good source of information is ESM 101 (site 95 of current 6.8c).

View solution in original post

0 Likes
Reply
Report Inappropriate Content
shinej
Absent Member.
Absent Member.
‎2015-02-04 12:10

Jump to solution

Thanks Jan Odzgan for the detailed explanation

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.