ESM 4.0 Demonstration Script Attack Succeeds

Summary:

This document outlines an updated demonstration script for ESM 4.0 Build 5238 Patch 1, accessible on SF.com under the Demo documents folder. Key changes include requiring admin login to manage notifications and cases, updates in event graph display, and additional steps focused on Google Earth demo. Potential issues involve SmartConnector replaying events being limited and T60p laptop users facing severe lockup problems. The document concludes with a note of encouragement for review by the Pre-Sales Team and sharing feedback or encountered issues during demonstrations.

Details:

Subject: Updated ESM 4.0 Demonstration Script on SF.com From: John Bradshaw Date: June 4, 2007 To: Pre-Sales Team CC: Jim von Schmacht, Colby DeRodeff I have updated and verified the "Attack Succeeds - Compromised Host" SE Demonstration script for ESM 4.0 Build 5238 Patch 1. The new version is available on SF.com under the Demo documents folder with the file name: Arcsight ESM 4.0 Attack Succeeds – Compromised Target SE Demo Scenario. This update maintains the same flow as the previous version but highlights specific 4.0 changes. Key changes and notes from the previous version include: 1. Admin login is required for acknowledging notifications and updating cases. The soc1 user cannot drill down into event details directly from the notification window. 2. Event Graph display reflects some interface changes in 4.0. 3. Two optional steps were added to emphasize the Google Earth demo. Potential issues to be aware of: 1. Replay events using SmartConnector may only run once before needing to restart the connector. 2. T60p laptop users experience severe, intermittent lockup issues; this is being investigated by IT and will be communicated further. 3. Setup and loading for the demo take longer than usual; ensure a head start for demos to allow for sales rep interaction. Please review the new script and share any feedback or issues encountered during demonstrations. The text provided, which appears to be a note or message from John to someone related to customer service, can be summarized as follows: 1. The context is centered around being in front of the customer. This implies that John's position or location at the moment involves direct interaction with a client or customer who could potentially require assistance or services. 2. The statement "Good Luck!" serves as a positive sentiment or well-wishing expression, indicating that John wishes the best for this interaction and hopes that any endeavor undertaken in front of the customer is successful. 3. The message concludes with simply the name "John," which might be used to sign off on the note, emphasizing his role as the sender within the context of a business or service environment where direct communication with customers is key.