Building Trends
A trend is an ArcSight resource that defines how and over what time period data are aggregated and evaluated for tendencies and patterns. A trend executes a specified query on a defined schedule and time duration.
The ArcSight trends engine evaluates source data for trends based on:
-
Event conditions, such as
-
Number of worm outbreaks
-
Incident time-to-close
-
Number of cases closed
-
-
Common network elements, such as
-
Operating system
-
Business role
-
Regulatory compliance relevance
-
Trends can be used as the primary data source for a report, or used as the data source input to another query which is then used in a report (perhaps along with other queries or trends).
See also:
-
Building Reports for an overview of all reporting tasks and tools
-
Understanding the Reporting Workflow to see how trends fit in to the process of creating a report