How to Best Practices for Use Case Resource

Summary:

### Creating Effective Use Case Packages in ArcSight Software To create effective use case packages in ArcSight software, follow these outlined guidelines to ensure efficiency and organization: 1. **Package Naming and Structure** - Name your package according to its topic or top-level UCR (Use Case Report). Maintain a hierarchical structure that reflects the relatedness of resources within the package. 2. **Excluding Unnecessary Resources** - When including field sets, exclude `/All Fields/`, `ArcSight System/`, `Event Fields/`, from the package's Removed Resources section. This helps in keeping the package clean and focused on specific use cases. 3. **Avoiding Internal Issues** - Check the Exclude Reference IDs checkbox in the advanced settings to prevent internal issues with new features, ensuring smoother integration of updates or new functionalities. 4. **Export Format** - Opt for the default export format unless you need to include list data. This automatically excludes lists which can be beneficial if they are not required for specific use cases. 5. **Package Viewer and Review** - Use the package viewer in advanced mode to review included resources and ensure no unnecessary items are added. This step helps in maintaining a lean and focused package structure. 6. **Versioning Your Package** - Set a version number for your package to manage updates effectively, preventing older versions from overwriting newer ones and ensuring that the most up-to-date data is utilized. 7. **Testing Before Deployment** - Always test packages on a clean system before final deployment to avoid conflicts and issues, ensuring that they function as intended in different environments. ### Creating Support Packages for Common Resources To manage and organize resources used across multiple use cases within ArcSight, consider creating specialized support packages: 1. **Identify Need** - Recognize situations where multiple use cases might share common resources such as filters, field sets, or global variables. 2. **Create Support Package** - Develop a new package specifically for these shared resources and name it appropriately (e.g., Support). 3. **Include Pre-populated Lists** - Populate this support package with any pre-existing lists that are used across multiple use cases, ensuring they do not contain sensitive or development data intended only for certain users. 4. **Modify Original Packages** - In each of the original use case packages (e.g., ), remove these redundant lists to avoid duplication and potential conflicts. 5. **Require Support Package** - Ensure that each use case package requires the support package in its configuration, so that shared resources are automatically included without needing manual intervention every time a new system or instance is set up. 6. **Monitor Usage** - Regularly check to ensure that all systems and instances using these packages have updated configurations, preventing issues with outdated resources affecting performance or accuracy. ### Creating Library Packages for Consistency To avoid conflicts and ensure consistency in the use of common resources across multiple packages, consider creating a library package: 1. **Create and name the library package** - Develop a new package specifically for housing shared resources and name it appropriately. 2. **Include the common resources in the library package** - Ensure this package contains all necessary resources that are required by more than one other package. 3. **Remove these resources from your package** - Exclude any resources already included in the library package to avoid conflicts and redundancy. 4. **Require the library package** - Ensure that each use case or topic package requires the library package in its configuration, ensuring consistency across installations. ### Use Case Configuration Wizard (UCCW) For customizing certain resources like TTLs, schedules, and rules through an interactive interface: 1. **Create Library Packages** - Develop a library package for shared resources that can be required by multiple use case packages to maintain consistency across installations. 2. **Include in Use Case Configuration Wizard** - Utilize the UCCW development wizard, which relies on raw XML for creation, and ensure it is integrated into your setup process. 3. **Documentation and Support** - As of now, there may be limited documentation or support available for use case creation through the UCCW. Reach out to the content team at ARST (systemcontenttroops) or prentice@hp.com for assistance if needed. By following these detailed steps and guidelines, you can effectively create, manage, and maintain use case packages in ArcSight software, ensuring efficiency, data consistency, and security across different use cases.

Details:

The Use Case Resource (UCR) tool was developed to group and present content related to specific areas or problem sets. It includes two main components: displaying related resources and utilizing the Use Case Configuration Wizard (UCCW). While traditionally only ArcSight Engineering developers could create and edit UCRs, this guide aims to make the process accessible for others by detailing how to modify the console.properties file and subsequently creating UCR objects within the system. To begin creating a UCR, one must first modify the console.properties file by adding specific properties:

• `ui.showUseCaseNavigator` should be set to true to display the navigator even if no use cases are present in the system.

• `ui.showUseCaseEditorPanels` should also be set to true to enable menu items for use case authoring, which adds extra tabs such as meta data and linking dependant resources.

After making these changes and starting the console, the UCR tab will appear in the resource navigator pane, allowing users to create new UCRs just like other resources. The editor that opens includes four main tabs: Attributes, XML Data, Includes, and Notes. Although notes are standard across all resource editors, their specific use within UCRs is not detailed here. The Use Case XML Data tab is crucial as it contains the data needed for implementing the UCCW. This will be further elaborated upon in subsequent discussions. The document discusses certain limitations and functionalities related to User-Created Content (UCCW) within ArcSight products such as ArcSight Express v4.0, ESM versions 5.5, 6.0c, and 6.5. UCCW is a feature that allows users to create custom content for the console, but there are specific conditions where its use might be restricted or requires attention: 1. **UCCW Limitations**: If the UCCW is not empty, the Configure button at the top of the Use Case display and the Configure Use Case option in the right-click menu will be grayed-out for these versions. This means that some configurations related to customizing the use case are unavailable when the UCCW contains data. 2. **XML Header/Footer**: The editor automatically generates XML header and footer information which should not be removed until the UCCW is ready to be implemented. 3. **Use Case Includes Tab**: This section explains that the "Includes" tab functions similarly to the "Resources" tab in Packages, but with some important differences:

• **Group Inclusion**: While you can include entire groups in a Use Case Report (UCR), only the group will be displayed. Resources within included groups and their dependencies are not automatically shown in the UCR display. Users must explicitly add these resources.

• **Exclusion of Resources**: Unlike the Resources tab, UCRs do not support the exclusion of resources. This is because dependent resources of a resource explicitly included in a use case are not automatically included, which means that if you include a monitor resource that uses supporting resources like rules or filters, those supporting resources will not be added unless they are also explicitly included.

4. **Use Case Display Areas**: The UCR display consists of three main areas: Monitor, Library, and Toolbox:

• **Monitor Area**: This area shows the interactable resources such as active channels, dashboards, query viewers, and reports.

• **Library Area**: Displays supporting resources like data monitors that are used in a dashboard, rules, active lists & session lists, filters, queries, fields, field sets, etc. These must be explicitly included to appear in the UCR display.

• **Toolbox Area**: Contains utility resources that can be added to a UCR, such as notification destinations, asset categories, and vulnerability information.

Overall, while ArcSight products provide flexibility for custom content creation through UCCW, there are specific constraints related to how dependencies and explicit inclusions work in the Use Case Report feature depending on the version of the software. The passage discusses the concept of a "Master" Use Case within the UCR (Use Case Repository) feature. In this context, when a package containing multiple use cases is installed, one use case can be designated as the master use case, which automatically runs its UCCW (User Custom Content Widget) after successful installation. However, issues arise from the requirement that the master use case must have "Master" prepended to its name, which some find aesthetically unpleasing. An enhancement request suggests replacing this with a checkbox attribute within the UCR for easier management. The passage also provides best practices for creating effective Use Cases: 1. Always explicitly include the resources you want shown in the UCR display. 2. Include a description of the UCR, which appears at the top of the display to help users understand its purpose. 3. Name groups containing use case resources logically according to the use case name for easier navigation and organization. 4. Start with monitor items and add supporting items such as dashboards, data monitors, filters, queries, lists, rules in a sequential order. 5. Use nested use cases (e.g., sub-use cases) within larger use cases or across different repositories to logically group related resources together for better management and accessibility. 6. It is acceptable to have resources used by multiple UCRs; however, consider how you package and deploy your use cases in such scenarios. The passage concludes with an example of nested use case structure mentioned as "/All Use Cases/ArcSight Administration/

Overview," highlighting its effectiveness for grouping related use cases. The provided text outlines guidelines for creating and managing use case packages in ArcSight software, specifically addressing the avoidance of including certain resources such as groups and predefined resource types like "ArcSight System," "ArcSight Administration," etc. It emphasizes using UCRs (use case reports) to organize resources logically within a package. To create effective use case packages: 1. Name your package according to its topic or top-level UCR, maintaining the hierarchical structure of related resources. 2. If including field sets, exclude /All Fields/ArcSight System/Event Fields/ from the package's Removed Resources section. 3. Check the Exclude Reference IDs checkbox in the advanced settings to avoid internal issues with new features. 4. Opt for the default export format unless you need to include list data; it automatically excludes lists which can be unwanted but necessary for specific use cases. 5. Use the package viewer in advanced mode to review included resources and ensure no unnecessary items are added. 6. Set a version number for your package to manage updates, preventing overwriting newer versions with older ones. 7. Always test packages on a clean system before final deployment to avoid conflicts and issues. These steps ensure that use case collections are well-organized, efficient, and free from unwanted data inclusions. In order to effectively manage and organize resources used across different use cases within a system like ArcSight, it is beneficial to create specialized support packages for common or pre-populated lists. This approach helps avoid redundancy and ensures that the most up-to-date data is utilized without compromising privacy or specific content intended for certain customers. Here’s a step-by-step breakdown of how to implement such a strategy: 1. **Identify Need**: Recognize situations where multiple use cases might share common resources, such as filters, field sets, or global variables. 2. **Create Support Package**: Develop a new package specifically for these shared resources. Name the package appropriately (e.g., Support). 3. **Include Pre-populated Lists**: Populate this support package with any pre-existing lists that are used across multiple use cases, ensuring they do not contain sensitive or development data intended only for certain users. 4. **Modify Original Packages**: In each of the original use case packages (e.g., ), remove these redundant lists to avoid duplication and potential conflicts. 5. **Require Support Package**: Ensure that each use case package requires the support package in its configuration, so that shared resources are automatically included without needing manual intervention every time a new system or instance is set up. 6. **Monitor Usage**: Regularly check to ensure that all systems and instances using these packages have updated configurations, preventing issues with outdated resources affecting performance or accuracy. This method helps streamline the management of common resources across multiple use cases, reducing redundancy, improving efficiency, and ensuring data consistency and security. The article discusses potential issues with package dependencies in software where different versions of resources might be installed depending on the order of installation. To avoid conflicts and ensure consistency, it suggests creating a library package that includes common resources used across multiple packages. Here's how to create and use such a library package: 1. **Create and name the library package**: Develop a new package specifically for housing shared resources. 2. **Include the common resources in the library package**: Ensure this package contains all necessary resources that are required by more than one other package. 3. **Remove these resources from your package**: To avoid conflicts and redundancy, exclude any resources already included in the library package. 4. **Require the library package** in your main use case or topic package to ensure consistency across installations. The article also provides examples of such library packages within the ArcSight Foundation content, which are required by several other foundation packages. It is recommended to include these packages in your setup and exclude their resources when needed. Lastly, the Use Case Configuration Wizard (UCCW) allows for customization of certain resources like TTLs, schedules, and rules through a wizard interface, providing users with an interactive way to tailor the software to specific needs without directly modifying core packages. The UCCW development wizard relies on raw XML for its creation, which makes it a very basic tool. As of now, this platform does not have official customer support or documentation for use case creation. If you encounter any problems during your usage, you should reach out to the content team at ARST - systemcontenttroops or prentice@hp.com for assistance. The functionality might be updated in future releases, and once it has been tested and certified by QA, this section will be improved accordingly.