Rule modification report
How can we pull a consolidated report/list of which user has modified the rule, with timestamp?
Can we pull the report for multiple modifications on the rules, i.e. user X modified rule A on one day, then user Y modified the same rule a week later?
Can we also get the details of what was modified in the rule?
The same question goes for Filters/Active list etc. as well.
Re: Rule modification report
>> How can we pull a consolidated report/list of which user has modified the rule, with timestamp?
This can be achieved using so-called "Audit Events"; ArcSight fires loads of those. The Device Event Class Id of Resource Events starts with "resource:" (e.g. resource update being "resource:101"). You'll find the resource's name/URI in File Name/File Path, the resource's type (e.g. Rule) in File Type and the user in Source User Id. The value displayed is the unique id of the ArcSight users that are configured.
>> Can we also get the details of what was modified in the rule?
AFAIK, no. You'll have to adopt a convention of using comments (similar to commit comments in programming). That's what the Notes tab is for.
For further reference search for "Audit Events" in Console Help.
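An added example, not part of the reply above and not ArcSight tooling: a sketch that builds a per-resource change history from exported audit events using the fields named in the reply. The CSV layout, the "End Time" column, the resource paths and the user ids are assumptions made up for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names follow the field names in the reply;
# "End Time" and the CSV layout itself are assumptions about how events are exported.
SAMPLE_EXPORT = """End Time,Device Event Class Id,File Name,File Path,File Type,Source User Id
2024-03-08 14:05:00,resource:101,Rule A,/All Rules/Example/Rule A,Rule,user-id-Y
2024-03-01 09:12:00,resource:101,Rule A,/All Rules/Example/Rule A,Rule,user-id-X
2024-03-01 09:30:00,example:000,,,,user-id-X
2024-03-09 10:00:00,resource:101,Filter B,/All Filters/Example/Filter B,Filter,user-id-X
"""


def modification_history(export_text, event_class="resource:101", resource_types=None):
    """Return {(file_type, resource): [(time, user_id), ...]}, oldest change first.

    event_class defaults to the resource update id quoted in the reply.
    resource_types optionally restricts the report, e.g. {"Rule", "Filter"}.
    """
    history = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["Device Event Class Id"] != event_class:
            continue  # not a resource update audit event
        if resource_types and row["File Type"] not in resource_types:
            continue
        # Prefer the full path so two resources with the same name stay separate.
        resource = row["File Path"] or row["File Name"]
        history[(row["File Type"], resource)].append(
            (row["End Time"], row["Source User Id"])
        )
    for changes in history.values():
        changes.sort()  # "YYYY-MM-DD HH:MM:SS" strings sort chronologically
    return dict(history)


def multi_user_changes(history):
    """Keep only resources that more than one distinct user has modified."""
    return {
        key: changes
        for key, changes in history.items()
        if len({user for _, user in changes}) > 1
    }


if __name__ == "__main__":
    for (rtype, resource), changes in modification_history(SAMPLE_EXPORT).items():
        print(rtype, resource)
        for when, user in changes:
            # Source User Id holds the user's unique id, not the login name.
            print("   ", when, user)
```

Mapping the ids in Source User Id back to login names is a separate lookup that this sketch does not attempt.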