ArcSight Intelligence and ArcSight ESM Integration

229818

OpenText OpenText Community

App Support Tiers

OpenText SUPPORTED

Support via OpenText Software Support, with a ticket filed against the associated product.

PARTNER

OpenText offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by OpenText of the OpenText community.

OpenText COMMUNITY

OpenText Community Content is provided by OpenText for the benefit of customers, support for it is not available via OpenText Software Support but through specific community content forums.

COMMUNITY

Community Contributed Content is provided by OpenText customers and supported by them.

EARLY ACCESS

Show less ...Show more

The downloads referenced under the "Cybersecurity Early Access" category are made available to subscribers to mitigate time-critical issues but have not undergone formal quality and performance testing associated with official OpenText/Cybersecurity product releases. OpenText has a multi-stage Quality Assurance process. During Stage 1 we conduct a resource analysis, field mapping, ensure content level 1 functionality and analysis in our sandbox environment. Stage 2 is a complete validation including production validation. This package has cleared Stage 1 validation and therefore should be deployed with the appropriate pre-production validation. OpenText strongly recommends that any downloaded content is first checked and tested thoroughly in a non-production environment before committing to production. We welcome feedback and, should any content be shown to be faulty, detrimental or carry an incorrect claim of authorship, we shall endeavor to remove or correct such content as promptly as reasonably possible once notified and validated.

OpenText | OpenText Community

Optimize your security operations with the ArcSight platform. ArcSight empowers a layered analytics approach by integrating two powerful technologies, ArcSight ESM and ArcSight Intelligence, to quickly and effectively detect both known and unknown threats.

694 downloads

Description

ArcSight ESM provides security organizations with critical log management capabilities and the industry’s most powerful correlation engine. Using ArcSight ESM, security operations teams can very quickly identify and respond to known (documented) threats, to drive efficiency in the SOC’s increasingly critical business function.

ArcSight Intelligence (previously ArcSight Interset) provides market-leading analytics, using unsupervised online machine learning, to identify unknown threats like insider threats or targeted outside attacks such as APTs. These types of threats cannot be identified by simply searching for a known “bad signature”. Unsupervised machine learning gives threat hunters a high-quality set of prioritized leads to help them accurately identify and mitigate these elusive threats.

Together, ArcSight’s ESM and Intelligence components empower a layered analytics approach by providing multiple analytical tools that work together to address all the right use cases and to help you quickly and comprehensively detect both known and unknown threats. They bring to bear the best-of-breed technologies to optimize your security operations and dramatically improve your security posture.

The below set of capabilities enable integration between the two components. This enhancement allows data to be moved into ArcSight Intelligence’s analytics platform using ArcSight’s SmartConnectors, supporting Active Directory / Authentication data as well as Web proxy data. In addition. FlexConnectors can now be used to analytical results from ArcSight Intelligence to ArcSight ESM, for higher accuracy correlation rules that leverage unsupervised machine learning, anomalous behavior, and correlation rule filtering using top risky entity lists.