Absent Member.

The meaning of the Device Custom Number 1 and Device Custom Number 2 fields: how are the values of those fields calculated?

[Attached screenshots: 1.png, 2.jpg]

I want to know how those parameters should be calculated.

I hope an expert can tell me how to calculate those parameters. Thanks.

New Member.

These are custom fields that are filled in differently depending upon the device. They are filled when the more 'standard' fields of ArcSight are inadequate to fit particular types of data. Take a look at the device custom number & device custom string fields for a few different types of events.

You should be able to understand what a particular Device Custom Number is by referring to the corresponding Device Custom Number Label field.

Absent Member.

Hello Vijay,

I understand what you mean; however, I do not understand how the relationship between them is calculated. I tried to calculate it, but I did not get matching values. So I have doubts about those parameter settings. Maybe I just want to know why it is set up this way, where those parameters come from, and what I should query. I hope you can help me and give me some advice. Thanks.

New Member.

Pardon me, Rick. I had not seen the screenshots before I replied earlier. The ArcSight Console that I have in front of me today (Express 4.0) does not have those Device Custom Number fields for the Target Port Activity by Attacker data monitor. I only have Sorted by ... Maximum alarm frequency.

I found the below in the help for the Moving Average Data Monitor:

Sorted By

Sort by the values found in fields or by the percentage of change in those values.

Alarm Change Threshold (%)

Specifies the moving average threshold, the percent change from the moving average, that will send a threshold exceeded event to the ArcSight Console. The threshold exceeded event is sent to the Console and can be used to create a rule. For more information on rules, see Creating Rule Actions. Type in a percentage. The default is 50.

Number of Samples

Type the number of Sampling Intervals to use to calculate the moving average, in seconds. The most recently stored Sampling Intervals are used to calculate the moving average. For example, if five Number of Samples are used, the last five Sampling Intervals are used to calculate the moving average.

Number of Visible Groups

Set the number of rows of results to display in the data monitor for each combination of ordering fields specified in the Group By parameter.

Sampling Interval

Type the time interval used to calculate the moving average, in seconds. For example, if the Sampling Interval is 5 minutes, the moving average is calculated every 5 minutes. The default is 300.

Group Discard Threshold

Specifies the minimum event counts needed to generate a threshold exceeded event. For example, event count could change from 1 to 2, a 100% change that results in a threshold exceeded event. To prevent these types of changes from generating a threshold exceeded event, specify the minimum event counts needed. If you want all events generated regardless of the event count, type 0.

Maximum Alarm Frequency

Minimum time (in seconds) to wait before sending alarms for the same group.
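
A minimal model of how the parameters in the help text above interact for a single group, as an added example that is not part of the original posts and not ArcSight's own code. The function name, the sample counts, and the exact comparison (each new count against the average of the previous intervals, with the discard threshold applied to the new count) are assumptions.

```python
from collections import deque


def moving_average_alarms(counts, sampling_interval=300, number_of_samples=5,
                          alarm_change_threshold=50.0,
                          group_discard_threshold=0,
                          maximum_alarm_frequency=0):
    """Return (time_s, count, moving_average, percent_change) for each alarm.

    counts: event count per sampling interval for one group, oldest first.
    Assumption: the product's exact arithmetic may differ from this model.
    """
    window = deque(maxlen=number_of_samples)   # most recent stored samples
    alarms, last_alarm = [], None
    for i, count in enumerate(counts):
        now = (i + 1) * sampling_interval      # end of this sampling interval
        if len(window) == number_of_samples:
            average = sum(window) / number_of_samples
            # Percent change from the moving average; undefined for a zero
            # average, which this model treats as "no change".
            change = abs(count - average) / average * 100 if average else 0.0
            # Group Discard Threshold: ignore tiny counts (e.g. 1 -> 2 = 100%).
            big_enough = count >= group_discard_threshold
            # Maximum Alarm Frequency: minimum seconds between alarms.
            rate_ok = (last_alarm is None
                       or now - last_alarm >= maximum_alarm_frequency)
            if change >= alarm_change_threshold and big_enough and rate_ok:
                alarms.append((now, count, average, round(change, 1)))
                last_alarm = now
        window.append(count)
    return alarms


# Constructed sample: events per 300-second interval for one group.
SAMPLE = [10, 12, 11, 9, 10, 30, 31, 10, 1, 2]

if __name__ == "__main__":
    for label, kwargs in [
        ("defaults", {}),
        ("discard threshold 5", {"group_discard_threshold": 5}),
        ("max alarm frequency 600 s", {"maximum_alarm_frequency": 600}),
    ]:
        print(label)
        for alarm in moving_average_alarms(SAMPLE, **kwargs):
            print("  t=%ds count=%d avg=%.1f change=%.1f%%" % alarm)
```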

Absent Member.

Hello Vijay,

Thank you for your reply. I have understood, and I will try to calculate now. If there is anything I do not understand, I will ask you for help. Thanks, and thank you for your help.
