ArcSight Enterprise Security Management (ESM) is a comprehensive software solution that combines traditional security event monitoring with network intelligence, context correlation, anomaly detection, historical analysis tools, and automated remediation. ESM is a multi-level solution that provides tools for network security analysts, system administrators, and business users.
What’s New in ESM v5.2
Reporting
Reporting has been enhanced so that you can create a report once, then distribute it to multiple recipients, including non-ESM users with valid email addresses. You can also set an option so that empty reports are not sent.
Correlation
The following enhancements to rules and active lists are introduced:
You can define lightweight rules that skip multiple event aliases and aggregation, limit rule actions, and skip audit event logging for significant performance gains.
If your active lists contain numeric fields, you can further specify numeric subtypes of SUM, MIN, and MAX that will accumulate your values. With enhanced variable functions for active lists, you can now store list data in time segments.
Standard Content
Navigation through the administration tasks in ArcSight Administration Foundation is enhanced by the addition of use cases. The resource monitoring content is also enhanced to better monitor query-based resources, such as reports, trends, and query viewers.
Dashboards
Dashboards are enhanced to support drilldowns from data monitors into dashboards, reports, and query viewers.
Asset Model
The Asset Model Import Connector now supports the ability to create and manage the Asset Model within ESM. The Asset Model Import Connector monitors changes in an asset model CSV file, enabling you to manage and maintain your asset model more easily.
ArcSight Send Log Utility
ArcSight Tech Support may request log files and other diagnostic information to troubleshoot problems. The Send Log utility automatically locates the log files, compresses them, and saves them.
Using the Send Log utility, you can:
Gather logs and diagnostic information for all components of the ESM system from the Console, Manager, or ArcSight Web.
Gather diagnostic information such as session wait times, thread dumps, and storage alert logs about your system. If you email the log to ArcSight Tech Support, it can help them analyze performance issues on your ESM components.
Send Log can be run as a wizard, directly from the Console interface, or from the command-line interface of each component.