ArcSight ESM provides security organizations with critical log management capabilities and the industry’s most powerful correlation engine. Using ArcSight ESM, security operations teams can very quickly identify and respond to known (documented) threats, to drive efficiency in the SOC’s increasingly critical business function.
ArcSight Intelligence (previously ArcSight Interset) provides market-leading analytics, using unsupervised online machine learning, to identify unknown threats like insider threats or targeted outside attacks such as APTs. These types of threats cannot be identified by simply searching for a known “bad signature”. Unsupervised machine learning gives threat hunters a high-quality set of prioritized leads to help them accurately identify and mitigate these elusive threats.
Together, ArcSight’s ESM and Intelligence components empower a layered analytics approach by providing multiple analytical tools that work together to address all the right use cases and to help you quickly and comprehensively detect both known and unknown threats. They bring to bear the best-of-breed technologies to optimize your security operations and dramatically improve your security posture.
The below set of capabilities enable integration between the two components. This enhancement allows data to be moved into ArcSight Intelligence’s analytics platform using ArcSight’s SmartConnectors, supporting Active Directory / Authentication data as well as Web proxy data. In addition. FlexConnectors can now be used to analytical results from ArcSight Intelligence to ArcSight ESM, for higher accuracy correlation rules that leverage unsupervised machine learning, anomalous behavior, and correlation rule filtering using top risky entity lists.
Suggested for you are based on app category, product compatibility, popularity, rating and newness. Some apps may not show based on entitlements. Learn more about entitlements.
Sample content file for Interset analytics data
ArcSight ESM / Interset Integration Guide v0.1
NiFi Template to read CEF events from Kafka and generate Interset-specific data output
Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox