dharmarajsonawa1 Absent Member.

how to implement ArcSight ESM 6.5

Hello Friends,

I am very new to ArcSight, so can you please share any implementation document with me?

I also want to know the difference between ArcSight ESM, ArcSight Logger, ArcSight Express, Smart Connector, ArcSight CEF, etc.

Please explain the relationship between them to me.

Thanks in advance.

Dharmaraj sonawane

3 Replies
david.bakboord@ Absent Member.

Re: how to implement ArcSight ESM 6.5

Hello Dharmaraj,

First of all, welcome to this great community.

Next, please start by reading the ESM 101. I think that is definitely a great starting point; you can find it at the link below: https://protect724.hp.com/docs/DOC-1193

For more documentation visit this link ->

Furthermore, look on YouTube for some tutorials and videos to see what Logger is, ArcSight is, etc.

If your employer has the budget, do the training, and if that is not the case, there must be a colleague who is a sr. ArcSight specialist who is able to provide you with information that goes further, where the ArcSight documentation stops. If you have the chance and there is a test environment, log in if allowed (not with Admin level of course) and figure out what all the resources do, what they are, how they work, when they are used, etc.

Improve your technical skills. You won't get there in a week's or a month's time, but if you give it your all, it will be worth the effort in the long run. Once you start to grasp the concept of logging, log management and SIEM it will be fun, I guarantee you.

Also try to understand what the SIEM concept is, how these solutions work in general, what kind of business value such a solution has, and the skillset (more info below) related to performing SIEM administration and/or even the implementation.

Knowledge of shell (or python) scripting - Skill Level 1

Working knowledge of regular expressions - Skill level 1

Working knowledge of security technologies such as firewalls, encryption using keys, SSL, HTTPS, SSH, intrusion detection, routing switch ACLs, VLAN, Span Ports, etc. - Skill level 2

Knowledge of TCP/IP - Skill Level 1

Knowledge of LINUX operating system such as vi, iptables, ssh, cat, tail, grep etc - Skill Level 2

Basic understanding of vulnerability scanners - Skill level

Understanding of basic system architecture design - Skill Level 2

Working knowledge of Databases - Skill level 2

Good luck in your journey of getting to know SIEM and the way this tooling adds value to operational security within organizations. Remember to not primarily become a product specialist but an Information Security Specialist, read white papers on SIEM and Security Intelligence and if you wish to become really proficient in ArcSight, read the presentations which (Thanks Jurgen!) took the effort of renaming them and putting them online.

https://protect724.hp.com/message/50720#50720

Kind regards,

David Bakboord

dharmarajsonawa1 Absent Member.

Re: how to implement ArcSight ESM 6.5

Thank you David Bakboord for your guidance.

david.bakboord@ Absent Member.

Re: how to implement ArcSight ESM 6.5

You're welcome. I started out the same; I had never touched an ArcSight SIEM and I was overwhelmed at first. My mentors (two sr. ArcSight Experts), this community and a lot of research helped me a lot to grasp the concept and put it in practice.
