How to Best Practices for Use Case Resource

Summary:

**Use Case Configuration Wizard (UCCW) in ArcSight Foundation** The Use Case Configuration Wizard (UCCW) is a crucial tool within the ArcSight Foundation suite designed to simplify the configuration of shared resources across multiple packages, particularly from version 4.0 onwards. This wizard enables users to configure parameters such as TTLs, schedules for trends, report scheduling, and rule enablement with associated actions like notification creation and case management. **Key Components of UCCW:** 1. **Introduction**: A mandatory panel where users are introduced to the wizard's purpose and functionalities. It sets the stage for what follows. 2. **Prerequisites**: An optional or mandatory section that may require additional information depending on the version, ensuring compatibility and necessary setup before proceeding. 3. **Event Sources**: Users can find details about device types processed by use case resources here, aiding in resource allocation and configuration. 4. **Use Case Configuration Panel**: This is where users can configure settings such as categorizing zones, specifying destination email addresses for notifications, and configuring specific resource settings based on the use case. 5. **Progress Feedback**: A visual progress bar helps users track their position within the configuration process. 6. **Navigation Commands**: Includes buttons like Help, Previous, Next, Cancel, and Finish to navigate through the setup steps smoothly. **Limitations:** - The wizard does not support customer use, although there is documentation available for reference. - Configuration is done via raw XML, which may require users to have basic XML editing skills or access to technical support for adjustments. **Workflow and Panels:** 1. **Prerequisites Panel**: Ensures that all necessary conditions are met before proceeding with the configuration. 2. **Event Sources Panel**: Provides information about device types processed by use case resources. 3. **Categorize Zones Panel**: Allows users to organize content into categories for easier management and searchability. 4. **Destination E-mail Panels**: Manages email settings for notifications related to certain activities on the platform. 5. **Resource Configurations Panels**: Involves configuring server resources efficiently based on user needs or usage patterns. 6. **Summary Panel**: Provides a quick overview of key performance indicators and statistics about the current state of the system. 7. **Complete Panel**: An encompassing section where all settings related to a particular feature set are managed under one roof. **Library Package Creation:** To ensure consistency and avoid conflicts, consider creating a library package that contains shared resources like anti-virus software, conditional variable filters, and global variables used across various ArcSight Foundation packages. This approach ensures well-maintained common resources without redundancy or potential version conflicts. Require this library package in other relevant packages to enforce the use of consistent and maintained resources across different parts of the system. **Benefits:** 1. **Version Control**: Ensures that all packages using a shared resource are utilizing the same version, preventing inconsistencies and potential issues caused by incompatible versions. 2. **Maintenance Efficiency**: Easier management of shared resources as updates or changes only need to be applied in one place, reducing redundant efforts and potential errors. 3. **Scalability**: Allows for easier expansion without worrying about compatibility issues between different package versions. By implementing these strategies, the ArcSight Foundation can provide a robust environment where users benefit from consistent, high-quality shared resources while maintaining flexibility and scalability.

Details:

The Use Case Resource (UCR) tool was developed to organize and present content related to specific areas or problem sets within the ArcSight platform. It consists of two main components: displaying related resources and utilizing the Use Case Configuration Wizard (UCCW). This guide explains how to create UCR objects, including best practices for building them, implementing the UCCW, and packaging use cases with their associated resources. To begin creating UCRs, modify the console.properties file by adding specific properties related to use cases: 1. Set `ui.showUseCaseEditorPanels` to true to enable menu items for authoring and additional tabs for metadata and linking dependent resources. 2. Enable the use case navigator with `ui.showUseCaseNavigator=true`. 3. Optionally, set a prefix for master use cases using `package.usecase.master.prefix`, defaulting to "Master". 4. Define the number of rows extracted during data import into an active list with `usecase.networkmodeling.maxrowfortable`, which defaults to 15. After modifying the console.properties file and starting the console, the UCR tab will appear in the resource navigator pane, allowing users to create new UCRs as they would other resources. Note that since newer versions of ArcSight (ESM v5.2, v6.0c, and ArcSight Express v3.0) include use cases by default, many related console.properties settings are no longer necessary; however, the provided properties remain valid if needed for specific configurations. The provided text describes aspects of a resource management system for creating and managing use cases, specifically within an environment that supports network modeling. It introduces several key features such as attributes, XML data handling, includes tab functionality, and notes section in the editor interface. Here's a summarized breakdown: 1. **Configuration Settings**: The text mentions two configuration settings - `maxImportProcessDuration` set to 120,000 milliseconds (or 2 minutes) and `maxImportCount` with an unspecified limit but context suggests it is related to the number of resources that can be imported. 2. **Editor Interface**: When a resource is created for a use case, the editor opens displaying four tabs: Attributes, XML Data, Includes, and Notes. The notes tab is standard across all resources and will not be detailed here. 3. **Use Case Attributes**: These are basic attributes like Name, Resource ID, Description applicable to every resource in the system but currently do not have a specific attribute for Master use cases which might be added in future updates. 4. **XML Data Handling**: This section is about incorporating UCCW (which isn't explained fully) and mentions that certain configurations such as buttons being inactive if UCCW is non-empty are applicable to specific versions of the software. 5. **Includes Tab**: Similar to how resources in Packages can be included, Use Case Resources (UCRs) have a similar feature but with limitations: groups can be included but only individual resources within those groups are shown; there's no option for excluding resources which might affect the display or functionality of UCRs differently from including them. This summary focuses on high-level functionalities and constraints related to use case management in the described system, providing a basic understanding for further exploration or implementation decisions. The text discusses several aspects related to a resource management system called "UCR" (Unified Resource Container). UCR has three main areas - Monitor, Library, and Toolbox. 1. **Use Case Display: Monitor** - This area shows the resources that users can directly interact with in the console, such as active channels, dashboards, query viewers, and reports. 2. **Use Case Display: Library** - The Library section displays supporting resources for a use case. Examples include data monitors used within dashboards, rules, active lists, session lists, filters, queries, fields, field sets, etc. It is important to note that these resources will not automatically appear when including a monitor resource if they are dependent on it; they must be explicitly included in the UCR display. 3. **Use Case Display: Toolbox** - The Toolbox area shows utility resources like notification destinations, asset categories, vulnerabilities, zones, stages, other UCRs, etc., that can be included in a UCR. 4. **“Master” Use Cases** - In the context of this system, there is a concept of a master use case which, when designated, will have its UCCW (Unified Configuration Change Wrapper) automatically run after successful package installation. However, issues with this approach include possible lack of implementation for UCCW and the requirement to prepend "Master" to the use case name, which can be considered unsightly. An enhancement request suggests replacing this method with a checkbox attribute within the UCR for managing master use cases. 5. **Use Case Best Practices** - The author recommends explicitly including all desired resources in the UCR display and providing a clear description of the UCR at the top to enhance usability. Additionally, grouping resource creation under the same name as the use case (e.g., /All Use Cases/Public/S) is advised for organizational clarity. SQL Server Monitoring involves organizing resources into a logical structure for easier management in UCR (Universal Configuration Repository) of ArcSight systems. The organization starts with monitor items and expands to include supporting items like dashboards, data monitors, filters, query viewers, lists, rules, and other use cases. It's crucial not to include groups or anything under specific resource types mentioned above as they are system-wide collections that can cause issues when exporting. Use case resources should be added to a package following the same hierarchy as the UCR, avoiding including groups, and ensuring relevant fields like event fields are removed if field sets are included in the package. Always check for internal ESM issues such as excluding reference IDs during exportation. The text discusses several key points related to packaging use case collections in software applications like ArcSight. It emphasizes that packages should not be populated with data from session lists unless necessary, as this can lead to including unwanted data in the package. Instead, it suggests using the default export format to avoid such inclusions. To ensure proper functionality and prevent issues during installation or usage, the text recommends testing the use case packages on a clean system, which helps verify that all necessary components are included without conflicts. It also highlights the importance of setting a specific version for published use case collections, which aids in preventing errors due to outdated versions being installed over newer ones. Additionally, it provides an example from the Microsoft Windows Monitoring content pack within ArcSight Express and ESM, discussing how pre-populated active lists can be useful for holding human-readable text related to coded information in events. These lists are created separately to avoid including unnecessary data from development or test systems when distributing the package to other customers. The article discusses organizing resources within use cases by creating packages and, if necessary, a library package. For situations where multiple use cases share common resources (like filters or field sets), the solution is to create a library package that contains these shared resources. This helps avoid conflicts between different versions of the same resource in various packages. 1. **Creating Packages**:

• A package should be created for each specific grouping of related use cases, such as Microsoft Windows Monitoring and Cisco Monitoring.

• Include pre-populated lists in this support package and remove them from the main use case topic package.

• In the main use case topic package, require the support package to ensure that shared resources are consistent across all packages.

2. **Library Packages**:

• When there are common resources used by multiple packages or even different types of resources (like filters and field sets), a library package is beneficial.

• Create a library package containing these shared resources, ensuring version control by requiring the library package in other relevant packages.

• Examples of such library packages include those for anti-virus software, conditional variable filters, and global variables within ArcSight Foundation content.

This approach ensures that all use cases benefit from consistent, well-maintained common resources without redundancy or potential conflicts between different versions of the same resource. The text discusses two main aspects of a system or software tool called "Use Case Configuration Wizard" (UCCW) used within ArcSight Foundation products, particularly those starting from version 4.0. These include packages such as Monitoring Support Data and Global Variables, which are shared across several other foundation packages but have specific limitations that prevent them from being included in user-defined packages. The UCCW is designed to facilitate the customization of resources through a wizard interface for users to set parameters like TTLs (Time To Live), schedules for trends, scheduling of reports, and enabling or disabling rules along with their actions like sending notifications and creating cases. However, it's important to note that there isn't a dedicated development wizard; all configurations are done using raw XML, which can be edited through a basic XML editor provided within the system. Currently, UCCW is not supported for customer use, but there is documentation available in the online help and ArcSight Console User’s Guide. The workflow of the UCCW includes several configuration panels: an introduction that must be filled out to explain what the wizard covers and prepares the user; prerequisites which are optional or mandatory based on the version (earlier versions might require more information); and event sources where users can find information about device types processed by the use case resources. The Use Case Configuration Wizard Panel allows users to configure settings for various aspects of a system or application, including categorizing zones, specifying destination email addresses for notifications, and configuring resource settings specific to certain resources. Users can input details such as active list TTL, rule enablement, entry expiry time for session lists, and other configurations based on the use case. The wizard provides visual feedback in the form of a progress bar indicating the user's position within the configuration process. Commands include Help, Previous, Next, Cancel, and Finish buttons to navigate through the setup steps. The text provided appears to be a list of various panels or sections within the context of Microsoft Bing, which is a search engine owned by Microsoft. Here's a summary of each panel mentioned in bullet points: 1. **Prerequisites Panel**: This likely refers to a setup or configuration section where certain requirements must be met before proceeding with other functionalities, possibly ensuring compatibility or setting up necessary permissions for specific features. 2. **Event Sources Panel**: This could be an interface within Bing's settings or configurations that allows users to define and manage the sources from which they want to collect data or events. This might include social media platforms, websites, applications, etc., depending on what type of user interaction data Bing is designed to aggregate for its algorithms. 3. **Categorize Zones Panel**: A tool within the application that helps users organize and classify different sections or types of content they manage online (e.g., categories for news articles, product listings, blog posts). This feature aids in navigation and search capabilities by allowing targeted categorization according to user-defined criteria. 4. **Destination E-mail Panels**: These panels are associated with managing email settings where notifications related to certain activities on Bing might be sent (e.g., new messages or updates from subscribed sources, relevant content alerts). This panel would allow users to specify which emails they receive and how frequently, ensuring that communication is tailored according to preferences. 5. **Resource Configurations Panels**: These panels likely manage the allocation of resources like bandwidth, processing power, memory, etc., used by Bing's various services or features. It involves configuring server resources efficiently based on user needs or usage patterns. 6. **Summary Panel**: This panel provides a quick overview of key performance indicators (KPIs) and statistics about the current state of the system, including recent searches performed, trends observed in search queries, and other relevant metrics that are important for monitoring overall health and effectiveness of Bing's service. 7. **Complete Panel**: Signifies an all-encompassing section or interface where everything related to a particular feature set is managed under one roof. This might include options to adjust settings, configure connections with external services, and view detailed reports on performance, usage, etc. These panels collectively form the user interface of Microsoft Bing, providing various functionalities that help users manage and optimize their use of the platform according to individual needs and preferences.