ArcSight System Monitoring Protect 724_1

Summary:

The document provides a comprehensive overview of ArcSight System Monitoring (ESM), part of HP's security product line. It covers the software's compatibility with multiple versions of ESM, Express, and CORR, its ability to detect configuration errors in the network model that could affect monitoring accuracy, and issues with event flows from connectors and loggers. Key features include automatic import of device information from Active Directory, configurable notifications for detected issues, recognition of unparsed events and late or duplicate event feeds, and verification of correct software versions for connected devices. The document also mentions a webinar held on July 25, 2014, to introduce the product and discuss its features in detail. Users can download additional documentation for more information. The communication is directed towards users or potential customers, emphasizing the importance of this software in maintaining system health and performance within an IT environment by addressing common issues highlighted through the software's capabilities.

Details:

The provided text appears to be a documentation or communication piece related to ArcSight System Monitoring, part of HP's security product line. It outlines the functionalities and capabilities of this software package, which is designed to monitor the health and performance of an IT environment. Key features mentioned include: 1. Compatibility with various versions of ESM (Enterprise Security Manager) and other specific products like ESM Express and CORR. 2. The ability to detect configuration mistakes in the network model that could affect monitoring accuracy. 3. Identification of issues in event flow from connectors and loggers, including those behind loggers. 4. Verification of correct software versions for connected devices, which can be automatically imported from Active Directory (AD). 5. Detection of devices not reporting to ESM or those that have ceased sending events, as well as identifying file reader connectors no longer reading logs like Bluecoat, IIS, or Apache. 6. Configurable notifications for issues such as every time they occur or after a specified wait period per connector and device. 7. Recognition of unparsed events and late or duplicate event feeds, indicating potential problems with data collection processes. 8. A webinar was held on July 25, 2014, to introduce the product and discuss its features further. 9. For more detailed information, users can download a documentation file attached to this content. The communication is addressed to users or potential customers of ArcSight System Monitoring, suggesting that it's beneficial for maintaining system health and performance in an IT environment by addressing common issues highlighted through the software's capabilities. This content is related to a product called "ArcSight System Monitoring" with version 2.1.2. It has been tagged as 'monitoring' and there are comments on the content from users discussing its availability for download, professional services engagement requirements, and later confirmation that it can now be downloaded directly. The user ratings average out to 4.857142857142857 stars (out of 5) based on 7 ratings provided by users. The conversation is about ArcSight System Monitoring, where John Dickinson is responding to queries regarding its usage and availability. In this thread: 1. Alexandru Stochitoiu asks if the presentation can be shared again as it wasn't fully visible during the original session. John confirms that the recording will be available soon and promises a link when accessible. 2. Ray Doty also requests access to the recorded presentation, mentioning he missed parts of it due to technical issues, but appreciates the efforts in organizing such sessions. 3. Carlos Alcocer from the community reaches out with a concern about using the package in ESM 6.5c SP1 where no information is displayed on the dashboards despite following all instructions and creating active channels. John responds by explaining that rules need to be activated and some default content needs to be deactivated, as detailed in the guide. 4. Carlos further inquires about activating rules and checks for correct WUC versions in connectors. 5. John provides guidance on configuring the system correctly, emphasizing the importance of following the provided guidelines and explanations within the documentation. In conclusion, ArcSight System Monitoring is a crucial package designed to monitor the health of an environment, compatible with various systems including ESM 5.2 and up, Express 3.0 and up, and CORR. It helps in identifying configuration mistakes, issues from connectors and loggers, incorrect WUC versions, and provides import options for servers from AD. The conversation highlights community engagement around this tool's usage and support needs, with the focus on activating rules and configuring settings as per official guidelines provided within the product documentation. The content you've provided is a summary of an ArcSight System Monitoring (ESM) package, which appears to be a part of the SIEM (Security Information and Event Management) solution used for monitoring logs from various sources such as Bluecoat, IIS, or Apache servers. This system allows for notifications to be sent either immediately or after a configurable wait period, per connector and device. It can identify unparsed events, late events, and duplicate event feeds, indicating which connectors are responsible for collecting data from the same devices. Additionally, there is a webinar titled "ArcSight System Monitoring Webinar with John Dickinson" dated July 25, 2014, and an invitation to download the documentation related to this package. The content also advises that if interested in this package, one should contact their sales representative for further engagement regarding installation. Lastly, there are mentions of user questions and interactions around ArcSight ESM, indicating discussions or inquiries from users on various topics such as HA (high availability) servers, user ID creation, multi-tenant setups, and alerts related to connector event counts.