
CLK ArcSight Overview

Document Version: 24-Nov-15 v1.0


Table of Contents
ArcSight Management console
1. Overview
2. Management console Modules
2.1. Home page:
2.2. Welcome Screen:
2.3. Management Console Dashboards
2.4. ArcSight Web
2.4.1. Using Reports
2.4.2. Active channels:
2.4.3. Notifications:
2.4.4. Using Cases
2.5. Connector Management
2.6. Preferences

ArcSight Management console

1. Overview

The ArcSight Management Console provides a streamlined interface that enables you to:
* Manage user accounts and user groups
* Manage data and event storage, archiving, and notifications
* Monitor events and resources from the dashboard
* Access ArcSight Web
* If licensed, configure Connectors from the Connector Management module
* Configure notifications and authentication

2. Management console Modules


* Welcome Module
* Dashboards Module
* ArcSight Web Module
* Connector Management Module
* Preferences Module

Go to URL https://trmse-distribution:8443 for distribution


Go to URL https://trmse-retial:8443 for retail
Login screen for ArcSight Management console
Please log in with your credentials.

2.1. Home page:


2.2. Welcome Screen:

2.3. Management Console Dashboards


Dashboards are a graphical display of data gathered from one or more Data
Monitors or query viewers.
Dashboards can display data in a number of graphical formats, including pie charts,
bar charts, line charts, and tables, and you can rearrange the dashboard elements
in the window and save the arrangement. The dashboards that appear in the
Management Console are those that exist in the ArcSight Console, where
dashboards can be created and customized.
Go to Dashboards, then navigate to any dashboard to check the fields.
You can select dashboards from the Dashboard Navigator on the left, which shows a
hierarchical view of all available dashboards.
A dashboard can show data monitors and query viewers. In general, these are called
dashboard elements. The screen image above shows six dashboard elements.

2.4. ArcSight Web


ArcSight Web is the web interface to monitoring and reporting features of ArcSight
Express for operators and analysts engaged in network perimeter and security
monitoring. ArcSight Web is primarily presented as a part of the Management
Console.
ArcSight Web consists of:

* Home
* Dashboards
* Reports
* Active channels
* Notifications
* Cases

The Home link returns you to the home page from any other view.
Dashboards
The Dashboards section lists a set of data monitor dashboards that expose selected
analytical security information about your enterprise. Click a dashboard's name to open
it.
Reports
The Reports section lists available reports. Reports are captured views or summaries of
data extrapolated from the ArcSight System by means of queries and trends. Reports
communicate the state of your enterprise security. Click a report, set the parameters or
accept the defaults (HTML or PDF), and click Run Report. You have the option of saving
the Report results in a variety of file formats to your local system, or just viewing the
results in the ArcSight Web window.
Active Channels
Active Channels display the filtered events as they stream through the system. Click a
channel to open it as a grid view in which you can inspect individual events. You can
pause channels, and sort event columns in the grid.
Cases
The Cases section summarizes currently tracked, event-related security situations by the
area they fall into (rows) and the workflow-style stage they have reached (columns).
Click a type and stage cell to see more detail.

Recent Notifications
The Recent Notifications section summarizes ArcSight notifications by workflow-style
categories. Click a category to see more detail.

2.4.1. Using Reports


The ArcSight Web interface enables you to run reports, and view and save the
report results.
The reports available to you are organized in the Cases resource tree on the left.
Click the group folders in the tree to open or close them. Click a folder to see a list
of its cases in the right-hand pane. Click the arrow icon in the upper-right corner of
the resource pane to hide it or show it.
To run and view a report:
1. Click Report Definitions just below the toolbar.
2. Navigate to a report in the resource tree.
3. Click a report definition name to show it in the right pane.
4. Use the values already defined for the report's parameters or change them as
necessary.
5. Click Run Report to run the report and display the result.

2.4.2. Active channels:
To open an active channel, click its name in the Active Channels section of the
Home display, or click the Channels icon in the toolbar and choose a channel in the
Active Channels resource tree.
Channels you click in the Home display open directly, but channels you choose in
the resource tree offer a setup page before opening.
Go to Active channels in ArcSight Web, then navigate to any of the active channels and
double-click it to check the events in that channel.
To check the alerts/correlated events, double-click the Live Active channel
(highlighted in color), select a time range, and click Open.

Currently I have selected the last 5 minutes of alerts; it displays all the correlated events
within the timeframe.

2.4.3. Notifications:
The Notifications feature displays notifications relevant to you that were triggered
by certain event conditions.
The notifications on the display are grouped according to workflow-style stages such
as pending, acknowledged, resolved, or informational.

For details, see the URL below:

https://trmse-distribution:9443/arcsight/webhelp/wwhelp/wwhimpl/js/html/wwhelp.htm#href=navigating.02.03.html

2.4.4. Using Cases


ArcSight cases provide organized, workflow-style tracking and management of
interesting events or situations. The ArcSight Web interface enables you to create,
manage, or customize cases.
Cases have a large number of fields to cover a wide range of event analysis and
investigation possibilities.
For a detailed description, refer to the URL below:
https://trmse-distribution:8443/arcsight/web/doc/user/wwhelp/wwhimpl/js/html/wwhelp.htm#href=ArcSight%20Express/ArcSightWebGuide/cases.41.1.html

2.5. Connector Management


Connector Management Overview
The Connector Management feature allows management and configuration of
connectors available on the ArcSight Express appliance, on other ArcSight
Connector Appliance systems, or any software-based Smart Connectors running on
remote machines in your network.
Connector Management is one module in the ArcSight Express suite of products.
The initial view of Connector Management is from the Manage tab, which enables
you to configure and organize your connectors.

For a detailed description, see the URL below:

https://trmse-distribution:8443/arcsight/web/doc/user/wwhelp/wwhimpl/js/html/wwhelp.htm#href=ArcSight%20Express/ConnApp_AdminGuide/index.html

2.6. Preferences
The Preferences module enables you to control additional links, appearance, logging,
and your own user account settings.

Custom Modules
Skins & Effects
Logging
Account Settings

Please refer to the URL below:

https://trmse-distribution:8443/arcsight/web/doc/user/wwhelp/wwhimpl/js/html/wwhelp.htm#href=ArcSight%20Express/Mgmt_ConsoleIGuide/preferences.36.1.html