
ArcSight Solution Offerings Use Case Mapping

  • Writer: Pavan Raja
  • Apr 8, 2025
  • 4 min read

Summary:

The ArcSight Solution Offerings Use Case Mapping is a versioned collection of security-related use cases and related content organized within the PS - Delivery Methodology group. It includes titles such as "ULM Compliance Reporting," "Perimeter Security Insider Threat APT Data Loss Monitoring Privacy Breaches ACS Use Case," and more, covering scenarios like compliance reporting, insider threat management, advanced persistent threats (APT), data loss monitoring, and privacy breaches, using ArcSight solutions like the Advanced SOC, AIDE configuration, Logger reports, and specific connectors for client logs. The document outlines a variety of technical use cases, including virus activity, user account management, process tracking, and firewall settings. Each use case carries an ARB (Arbiters) tag, indicating that multiple variations or alternative approaches may be considered. The use cases are categorized under various service offerings, delivery tools, consulting services, and PS-JumpStart Use Case, suggesting a broader application across different IT security and management solutions. The document has no user ratings yet and contains one comment, which gives no feedback on the effectiveness of the use cases.

Details:

The document "ArcSight Solution Offerings Use Case Mapping" is a versioned collection of use cases and related content for ArcSight solution offerings, organized within the Professional Services > PS - Delivery Methodology group. It includes titles such as "ULM Compliance Reporting Perimeter Security Insider Threat APT Data Loss Monitoring Privacy Breaches ACS Use Case," along with others like "Advanced SOC Use Cases," "AIDE Configuration and Logger Report Use Case," "APT Successes and Challenges," and "ArcSight Remedy Client Use Case and Log Flexconnector." These use cases cover a range of security-related scenarios, from compliance reporting to perimeter security, insider threat management, APT (Advanced Persistent Threat) detection, data loss monitoring, and privacy breaches, using ArcSight solutions like the Advanced SOC, AIDE configuration, Logger reports, and specific connectors for client logs.

The document outlines use cases and procedures for monitoring and detecting cybersecurity threats. The list includes specific scenarios such as unauthorized access attempts to high-risk user hosts, detection of malicious software on critical systems, monitoring of DNS events, and tracking user activity within an organization. Other topics include the Enigma Tool, EPS Trend Reports, FISMA systems not responding, and handling malware domain lists. The document also covers specific technologies like the Logger 5.1 Web Service Client API, the McAfee ePO Filter Package, and monitoring of physical badge activity through Identity View. It also addresses practical examples such as Gmail file uploads, unauthorized administrative access detection, and use cases for external devices like Forescout P2P with Virus Detection and Last Login Tracking across different operating systems.

The text lists use cases and associated arbiters (ARBs) for a wide range of tools and applications. These include monitoring of Unix OS login attempts, Windows user sessions in a 2008 AD environment, neighbor snooping, network forensic integration with ArcSight ESM, NetDetector 4.2 integration commands, data monitors without events, open protocol monitoring for detecting botnets, C&C, and APTs, the OUI list, system health monitoring, OWASP Web Application Firewall (WAF) use cases, P2P activity alerting, partition notification, Poison Ivy monitoring, possible account compromise alerts, malware outbreak detection, print job monitoring, production content monitoring, QualysGuard vulnerability management, RBN traffic detection, Red October bot check, resignation list monitoring, server account lockout monitoring, pattern discovery simplification, SIOC perimeter defense use cases, the Sourcefire administration dashboard, high-impact correlated intrusion events, SQL injection detection, suspicious file upload and password usage alerts, Symantec Data Loss Prevention (DLP) with CEF support, and alerts for high-risk emails. Additionally, there are use cases for UNIX service account anomaly detection, user geo-location tracking, Top 10 foreign outbound communications, ToR network acceleration, host and domain virus outbreak tracking, unauthorized access to Windows shares, and UNIX OS successful and failed logins with SU attempts.

The document also outlines technical use cases covering system monitoring and security, including virus activity, user account management, process tracking, and firewall settings. These form part of a broader suite designed to enhance detection and response capabilities in various environments, particularly IT infrastructures running on Windows-based systems. Some of the specific use cases listed include:

1. Virus Activity and Outbreak Monitoring Use Case - Tracking and detecting malicious activity related to viruses across multiple platforms.
2. Windows Based Printer Usage Tracking - A mechanism for monitoring how printers are used within a Windows environment, potentially helping with cost reduction or security compliance audits.
3. Windows Firewall - New Listener Port Use Case - Focuses on detecting new listener ports that might indicate potential unauthorized access attempts.
4. Zero EPS Connector Flow Alerting Use Case - A use case for monitoring and alerting on unusual network traffic flows through a zero-configuration endpoint protection system (EPS).
5. Zeus-Bot Monitoring and Alerting Use Case - Designed to track and alert on suspicious activity related to the Zeus botnet, which is known for stealing online banking credentials.

Each of these use cases includes an "arb" tag, indicating that multiple variations or alternative approaches may be considered or implemented depending on specific circumstances or requirements. The use cases are categorized under various service offerings, delivery tools, consulting services, and PS-JumpStart Use Case, suggesting a broader application across different IT security and management solutions. The document's average user rating is 0 out of 5 stars, with no ratings provided yet. One comment is available for this content, but it does not provide any feedback on the use cases or their effectiveness.

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be responded to.
