Micro Focus ArcSight
Micro Focus ArcSight is a cyber-security product, first released in 2000, that provides big data security analytics and intelligence software for security information and event management (SIEM) and log management. ArcSight is designed to help customers identify and prioritize security threats, organize and track incident response activities, and simplify audit and compliance activities. ArcSight became a subsidiary of Hewlett-Packard in 2010. It was merged with Micro Focus on September 1, 2017.
ArcSight Investigate is a high-capacity data management and analysis engine that enables you to search, analyze, and visualize machine-generated data gathered from web sites, applications, sensors, and devices that comprise your monitored network. Investigate indexes the events from your data source so that you can view and search them. The intuitive search language makes it easy to formulate queries and then create reports and visualizations based on the search results. The information that a search yields can help you detect and investigate breaches before substantial damage occurs. From this, you can also evaluate the effectiveness of security policies and rules and security applications.
ArcSight Event Broker and ArcSight Smart Connectors are essential parts of the Investigate solution. Connectors send normalized and categorized Common Event Format (CEF) events to the Event Broker topic eb-cef. Event Broker transforms the events to Apache Avro format, and the Vertica Kafka scheduler then consumes them and loads them into the Vertica database. Investigate reads the events from the Vertica database and displays them on the Search page. Investigate can extend the ArcSight Enterprise Security Manager (ESM) application to allow further investigation into events in an active channel. ESM generates a URL that opens Investigate with query input based on the data selected in the active channel.
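To make the CEF events that connectors send to the eb-cef topic concrete, here is an added example (not ArcSight or Micro Focus code) that parses one CEF line into its seven header fields and its extension key/value pairs, honoring the format's backslash escapes so that a `|` or `=` inside a value cannot shift field boundaries. The dictionary key names and the sample event are constructed for illustration.

```python
import re

HEADER = ("version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")   # key names chosen for this example
_KEY = re.compile(r"(?:^|\s)(\w+)=")   # extension key followed by an unescaped '='
_ESC = re.compile(r"\\(.)", re.S)      # backslash escape inside an extension value

def _unescape(value):
    # \= and \\ become the literal character; \n and \r become line breaks.
    return _ESC.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def _split_header(body, count):
    """Split on the first `count` unescaped '|'; the last item is the raw extension."""
    parts, buf, i = [], [], 0
    while i < len(body) and len(parts) < count:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            buf.append(body[i + 1])    # escaped '\' or '|' stays inside the field
            i += 2
            continue
        if ch == "|":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(parts) < count:             # severity with no trailing '|' and no extension
        parts.append("".join(buf))
    if len(parts) != count:
        raise ValueError("truncated CEF header")
    return parts + [body[i:]]

def parse_cef(line):
    """Return the header fields plus an 'extension' dict for one CEF event."""
    start = line.find("CEF:")          # skip any syslog prefix before the CEF marker
    if start < 0:
        raise ValueError("not a CEF event")
    *header, ext = _split_header(line[start + 4:].rstrip("\r\n"), len(HEADER))
    event = dict(zip(HEADER, header))
    hits = list(_KEY.finditer(ext))
    event["extension"] = {
        m.group(1): _unescape(ext[m.end():(nxt.start() if nxt else len(ext))])
        for m, nxt in zip(hits, hits[1:] + [None])
    }
    return event

# Constructed sample event (not taken from a real device or from the page).
SAMPLE = (r"<134>Jan 10 10:00:00 fw01 CEF:0|ExampleVendor|Edge\|FW|1.0|100|"
          r"Deny \\ drop|7|src=10.0.0.5 dst=192.0.2.10 msg=rule name\=deny all spt=1232")
```
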
- Pre-engagement review.
- ArcSight ESM with purpose-built content.
- Present common threat monitoring use cases.
- Develop prioritized list of use cases identified with key stakeholders.
- Documented Use Case Matrix with priorities.
- Identify KPIs/Metrics per Use Case.
- Align to various frameworks: MITRE ATT&CK, GPG13, SPF, Cyber Essentials.
- Covers Public Cloud, Hybrid Cloud, Private Cloud, and Servers.
- Have Use Cases defined and built, aligned to best practice.
- Access to Micro Focus SIOC & ArcSight technology consultants.
- Based upon activities agreed during pre-engagement review.
- Complement your team with assistance from Micro Focus ArcSight Consultants.
- Designed to help improve the time to solution.
- Ensure full utilisation of Cloud within your data centres.
- Intended to help reduce business risk.
- Provides flexible consultants to help with cloud activities.
- Reduce project costs by providing access to Micro Focus specialists.
- Micro Focus consultants perform the services working at your direction.