who watches the watchers ?
Is there any way (solution) to store the arcsight users past queries in a database so we can check later who queried what ? ( We asked this to customer support but in return they answered it is not possible atm but they added this request to customer request section.)
I don't think I understand the question.
You want to record queries and who made them. So are you wanting specifically the search function in ArcSight? Or who built what channels?
You would only be able to see if they created/deleted active channels and other resources. This is part of the audit logging.
Other than the queries done by people are not saved anywhere to my knowledge.
Thank you for replies,
Just make it clear i have to explain what i really wish, in my department there are people responsible for log management and as a duty they make queries on all kinds of log sources and here is what i want, i want to control what they queried and when. We can see users online queries on "running tasks" section on arcsight and i wonder if we can store these queries in log management system for future needs.