That's more plausible than you might think. As far as documentation goes, the key seems to be finding someone that has some of the ArcSight materials and making copies of it.
Other than that, you're on your own. The program's help system is pretty useful though. You can plug literally everything into ArcSight, but getting useful information from those millions of events per day is where it gets interesting. If you understand ArcSight (play around with it for a while), and you understand what you should be looking for/concerned with from a security perspective, then it's simply a matter of creating filters/reports to get the information you want. Not to oversimplify things... Steve On Tue, Apr 7, 2009 at 12:26 PM, Paul Schmehl <[email protected]> wrote: > --On Tuesday, April 07, 2009 02:15:13 -0600 [email protected] > wrote: > >> Dear All, >> >> I was wondering if anyone has any standard rules and policies which can be >> instantly deployed & added to Arcsight ESM for monitoring Windows, UNIX, >> database and network devices. I understand the rules vary and are specific >> to >> the OS and n/w devices. We have to setup the rules and commission Arcsight >> in >> our company. If anyone has prior hands-on using Arcsight or if you have >> any >> literature, please share. Also, if you have any docs on how to setup >> rules >> on Tripwire tool for file integrity checking please share the information. >> Thank you in advance. >> > > Arcsight is an expensive product. Surely you got training and access to > docs with your licenses? If you're just now deploying, Arcsight should be > assisting you with that - especially your salesperson. > > -- > Paul Schmehl, Senior Infosec Analyst > As if it wasn't already obvious, my opinions > are my own and not those of my employer. > ******************************************* > Check the headers before clicking on Reply. > > > >
