
App Defender - Application Logging Demo VM Available

  • Writer: Pavan Raja
  • Apr 8, 2025

Summary:

This document outlines a demo virtual machine (VM) for application logging within the HP ArcSight system, aimed at enhancing security operations. Key points include:

1. **System Details**: The VM is hosted on iRock under HP ArcSight and App Defender, featuring Application Logging Demo VM with CentOS 7.3 OS, 4 cores CPU, 6GB Memory, and 80GB disk space. It operates with DHCP NAT'd network settings.

2. **Login Credentials**: Users can access the VM with logins for arcsight (with password arcsight) and root, plus admin with arcview as ESM login credentials.

3. **Documentation and Training Materials**: Available versions of application logging content include technical enablement training slides and a PowerPoint presentation for pre-sales enablement.

4. **Download Links**: Accessible via SFTP (port 2222) or HTTPS to an external FTP server, with login details provided in the document.

5. **File Storage**: All files are stored under "App Logging ESM 6.11 Demo VM" and include various attachments like license keys, documentation, and demo content.

6. **Outcomes**: The demonstration focuses on improving application log visibility through HP ArcSight Application View by integrating with App Defender for threat detection and response.

This document serves as a guide to accessing resources for learning about and demonstrating application logging capabilities within the ArcSight environment, offering detailed information on file storage and login credentials.

Details:

The document provides information about an Application Logging Demo VM available for Security Operation groups through the iRock platform, which is associated with HP ArcSight and App Defender. This tool aims to offer application log visibility, security event analysis, and correlation to respond to threats and reduce risks by utilizing ArcSight ESM. Key points include:

1. The latest release of Application Defender 17.1 includes specific ESM content for Application Logging and Protection.

2. A replay ArcSight agent is included in the VM to populate App Logging dashboards with pre-configured data, which should cover most dashboards and active channels, triggering alerts as well.

3. To simulate live attacks within the ArcSight ESM and App Defender Server, you can use Riches App/Vulnerable App; however, installation of the App Defender agent and assignment to a Risk group are optional (refer to Appendix A for further details).

4. The VM specifications include: OS - CentOS 7.3, CPU - 4 cores, Memory - 6GB, Total Disk Space - 80GB, configured with DHCP NAT'd network settings.

The provided information outlines the setup and details for accessing a demonstration of application logging features, including App Defender, within HP ArcSight (formerly known as HPE Security). Here's a summary of key points from the text:

1. **System Details:**

  • Hostname: vm-esm691c

  • Logins for VM include arcsight and root with password arcsight, plus admin with arcview as ESM login credentials.

2. **Documentation and Training Materials:**

  • There are several versions of application logging content available for download, including older ones like 2016 dated files and a current version (ESM 6.11 Demo VM).

  • Documentation includes technical enablement training slides titled "Application Logging and App Defender Demo" and a PowerPoint presentation named "App Defender - Pre Sales Enablement - Application_Logging_Demo_VM.pptx".

3. **Download Links:**

4. **File Storage:**

  • All files are stored under the folder "App Logging ESM 6.11 Demo VM".

5. **Attachments:**

  • Manager_ArcSight_Internal_License_Key, App Defender 17.10 ESMContent, App_Defender_events, and various documentation files like quick start guides and scripts are available for download.

6. **Outcomes:**

  • The primary outcome highlighted is the visibility provided through HP ArcSight Application View, which is enhanced by the demonstration content related to application logging and App Defender.

The information provides a comprehensive overview of how to access and utilize resources for learning about and demonstrating application logging within the ArcSight environment, including details on file storage and login credentials. This content is related to various tags including "fortify," "replay_events," "app_view," and others such as "presales_enablement" and "aspire." It primarily discusses updates to demo environments, virtual machines, and materials for the application "Aspire 2016" which seems to be related to logging, event handling, and possibly software demonstration. The content is dated August 15, 2017, with an update by Johnny Khoury on October 5, 2016, updating demo environment files including replay events and ESM contents.

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be responded to.
