
HP ArcSight PoC Request Form Express

  • Writer: Pavan Raja
  • Apr 8, 2025

Summary:

The form gives detailed information about the ArcSight Logger Software, including its compatibility with various operating systems, memory requirements, disk space needs, supported browsers, and other important specifications. The main points are:

1. **Operating Systems Compatibility**: The software can operate on specified Linux and Windows operating systems, as well as support VM installations for both OS types.
2. **Memory Recommendations**: For optimal performance, especially in larger deployments, it recommends at least 12 GB RAM per VM instance if you have more than one CPU or two CPUs.
3. **Disk Space Requirements**: Minimum disk space requirements range from 10 GB for small to medium deployments up to 65 GB for medium to large deployments. These should be on a partition dedicated to the Logger software.
4. **Supported Browsers**: Includes Internet Explorer versions 7 and 8, and Firefox versions 3.6 and 5.0, with Adobe Flash Player required for certain features like Histogram and charts.
5. **System Requirements During Installation**: Avoid running other applications on the system during Logger installation, and ensure no versions of PostgreSQL or MySQL are installed.
6. **VM Instance Memory Allocation**: Allocating at least 4 GB RAM per VM instance is recommended, with a higher recommendation for larger deployments.
7. **Hardware Accessories**: Initial configuration requires specific hardware accessories such as a VGA monitor, USB keyboard, and USB mouse.
8. **Browser Plugins**: Adobe Flash Player is required for certain features like Histogram and charts in supported browsers.
9. **Operating System Compatibility for Connector Appliance Software**: Includes Red Hat Enterprise Linux (RHEL) versions 5.7 and 6.1, CentOS versions 5.7 and 6.1, Oracle Enterprise Linux (OEL) version 5.7 and 6.1 in a 64-bit configuration.
10. **VM Memory Constraints**: The total memory of all active VMs on a server should not exceed the physical memory capacity of the server.
11. **CPU Constraints**: It is recommended to use no more than two CPUs for optimal performance.
12. **Workstation Requirements**: For installing the ArcSight Console, a Windows, Linux, or Macintosh workstation is necessary. A Linux system is required for Logger and Connector Appliance installations.

This summary provides a clear understanding of the technical specifications needed to ensure compatibility and optimal performance when deploying the ArcSight Logger interface and Application Security Monitor on both downloadable versions and connector appliance software across different operating systems.

Details:

The letter discusses a request for completing a form to start an ArcSight proof of concept process. It emphasizes the need for all sections of the form to be completed and asks for clarification if any questions arise by contacting relevant representatives. Once the form is completed, along with the required software evaluation agreement, a meeting will be scheduled to review the document, finalize success criteria, and schedule the proof of concept. The letter expresses anticipation of working together to demonstrate ArcSight's capability to meet or exceed expectations.

Furthermore, there is an attached important notice that highlights the confidential nature of the information provided in this form. It states that the recipient must not reproduce or disclose the information to any person outside their evaluation team without authorization from HP, except under specific conditions. The document contains details about current HP products, sales, and service programs which are subject to change at HP's discretion. HP does not guarantee the accuracy or completeness of the provided information.

This document outlines a proposal for HP to provide products and services related to cybersecurity solutions, specifically tailored for the customer's project. The solution proposed includes ArcSight SmartConnector Environment features such as Application Security Monitor (AppSM) and compliance with various standards like PCI, IT Governance, Sarbanes-Oxley, FISMA, HIPAA, NERC, and JSOX. The proposal specifies that HP will provide hardware and software appliances for the solution. The target duration of this project is five days, starting from a specified target start date to a target end date. It emphasizes that the information provided should be used at the recipient's discretion, with no liability assumed by HP or its representatives if used incorrectly.

The term "solution" in this context refers to the proposed products and services, which are not guaranteed to meet all requirements; additional information may be required for a tailored configuration. The terms "partner" or "partnership" do not imply any formal legal partnership but rather describe a collaborative relationship between HP and the customer arising from teamwork. For questions or issues regarding this proposal, contact the sales representative directly. The document also includes specific details such as the company name, department, division name, agency or branch, and sales representative information.

The provided information outlines various aspects related to an unspecified project involving ArcSight and its solutions for security, compliance, and event management. Here's a summary based on the questions provided:

  • **Business Problems:** The primary business problem seems to be around managing regulatory compliances such as PCI (Payment Card Industry), Sarbanes-Oxley (SOX), and potentially others not explicitly mentioned. The project aims to address these compliance issues through a Security Information and Event Management (SIEM) solution, likely focused on enhancing security posture and operational efficiency.

  • **Executive Sponsor:** There is no mention of an executive sponsor for the project in the provided text.

  • **Key Business Users:** The key business users expected to benefit from this SIEM solution include those involved in compliance, IT operations, and potentially other roles that interact with or are responsible for security and event management within the organization.

  • **Alternatives Considered:** No specific alternatives have been mentioned beyond ArcSight itself. The lack of detail suggests a potential focus on evaluating ArcSight as the most suitable solution based on future needs and objectives.

  • **ArcSight Appeal:** The appeal of ArcSight lies in its ability to address multiple compliance requirements, potentially providing a unified platform for monitoring and managing security events across different systems and environments.

  • **Desired Implementation Timeline:** There is no mention of a preferred timeline for implementation. However, the focus seems to be on detailed evaluation and planning rather than quick deployment timelines.

  • **Cost Justification:** The justification for ArcSight's cost revolves around its ability to meet future regulatory requirements and potentially reduce compliance costs by centralizing management through a single SIEM platform.

  • **Current Problems if Nothing is Done:** If the organization does not address current issues, potential consequences could include increased risk of non-compliance fines, loss of customer trust due to security breaches or inadequate controls, and operational inefficiencies arising from lack of visibility into IT and security events.

  • **Detailed Project Description:** The project involves deploying ArcSight solutions across multiple platforms (C5400, L3400, L7400s, L7400x) with the aim to manage compliance requirements like PCI, SOX, etc., through a comprehensive SIEM tool. The scope of deployment includes setting up connectors for various systems and potentially implementing additional smart connectors as needed but limited to five or six in total.

  • **Compliance Requirements:** The project involves evaluating if there are any regulatory compliance requirements such as PCI, SOX, NERC, FISMA, or HIPAA that need to be addressed within the scope of this proof of concept.

  • **Event Processing and Use Cases:** Expected event processing rates in the proof of concept will be compared with production environments, focusing on specific use cases related to security, compliance, and IT operations which will help develop real-world scenarios during implementation.

This summary highlights that while there is no explicit executive sponsorship mentioned, the project has a clear objective to enhance regulatory compliance through technological means, likely involving ArcSight as the primary tool for this purpose. The evaluation process includes detailed planning and potential use cases based on existing and future challenges in these areas.

This document outlines a requirement for a 3D scanner that should efficiently capture, filter, normalize, aggregate, and categorize event data from multiple sources such as O/S Log, Firewall, IDS, Database, Applications, VA Scanner. The success criteria for this proof of concept include demonstrating the ability to collect events without significantly affecting network performance, providing fault-tolerant collection with caching capabilities during outages, real-time correlation of events to identify threatening activities, ease of modifying existing or creating new correlation rules without scripting or complex queries, automatic tracking and prioritization of suspicious or malicious users/hosts, graphical dashboard views for monitoring security and compliance activities in real-time, ability to create customizable displays suitable for both business and technical users, setting up real-time baselines for network and event activity rates, and the capability to model networks and assets while correlating and reporting on them.

The provided text outlines the capabilities of ArcSight AppSM, a software solution designed for enterprise security management. Key features include robust incident handling with automated escalation and performance metrics, advanced workflow features such as annotation, assignment, case management integration, and trouble-ticketing systems, ability to generate reports on security, compliance, and IT operations, customizable report generation, and compliance content solutions that automate log review and provide regulatory compliance reporting. ArcSight AppSM also supports threat correlation, visualization, and reporting both internally within the organization and externally. It monitors applications for both internal and external users, correlating application-related activities with non-application events to swiftly detect security threats beyond common OWASP top-10 threats. The software efficiently captures, filters, normalizes, aggregates, and categorizes event data from various sources including operating systems, firewalls, intrusion detection systems, databases, applications, and vulnerability scanners without negatively impacting network performance.

The text also includes success criteria for the sample Logger feature, which involves capturing, filtering, normalizing, aggregating, and categorizing event data efficiently, enabling real-time search and reporting on events from any source, and generating reports that communicate security, compliance, and IT operations activity and posture. It highlights the ability to customize existing reports without performance penalties, indicating a flexible and user-friendly interface for managing and analyzing security information.

This document outlines a comprehensive approach for implementing an ArcSight solution that includes real-time monitoring, robust reporting capabilities, and advanced security features such as granular role-based access control, different retention periods for event data, fault-tolerant event collection, and the ability to detect both internal and external threats. The implementation involves several steps in a one-week proof of concept (POC), starting with legal agreements and business approvals, followed by technical setup and installation of ArcSight appliances and SmartConnectors. Configuration of event sources is crucial for data collection, ensuring that all required information is captured from various sources. This solution also allows for the adjustment of retention periods based on the type of event data, enhancing organizational compliance and security posture. The document emphasizes the importance of a dedicated technical contact throughout the process, which will manage day-to-day operations and ensure smooth integration with existing systems.

The document outlines a five-day plan for implementing the ArcSight solution, including initial setup, demonstrations, and final presentations. Key points include:

1. **Day 3-4 Agenda**: This phase involves setting up the environment and conducting demonstrations tailored to different user groups (analysts, IT operations, business users). The goal is to develop custom content based on customer requirements through collaboration with a primary contact. Demonstrations are scheduled for 2-4 hours each and include up to six participants per session.

2. **Customer Resources Required**: This includes a primary technical contact and additional attendees for the presentations.

3. **Day 5 Agenda**: The final day involves presenting the results of the proof of concept, validating content with the primary technical contact, delivering the presentation to stakeholders, confirming success criteria, discussing next steps in the decision-making process, and preparing for return shipment of the ArcSight appliances. Attendees should include business decision makers, technical decision makers, and both business and technical influencers.

4. **Assumptions**: The document assumes that the lab environment is ready for ArcSight appliances upon arrival, and that specific use cases have been provided in advance. Customer involvement in scheduling and confirming attendance for presentations is required.

5. **Appendix A: Requirements** details requirements such as power supply specifications for the L3400 appliance (1U with a 460W CS Platinum Power Supply).

Appendix B provides detailed specifications for ArcSight ESM, Connector Appliance, Logger, and Express. Appendix C lists supported platforms.

The document outlines the system requirements for various platforms and software components used with the ArcSight Logger interface and Application Security Monitor (ASM). Key points include:

1. **Supported Operating Systems:**

  • **Linux:** Red Hat Enterprise Linux (RHEL) 5.7 Client 32-bit, RHEL 6.1 64-bit, Oracle Enterprise Linux (OEL) 5.5 64-bit, CentOS 5.5 64-bit.

  • **Windows:** Windows Server 2008 SP2 64-bit, Windows 7 SP1 64-bit, Windows Vista SP2 64-bit and 32-bit, Windows XP Professional SP3 32-bit.

  • **Macintosh:** Mac OS X 10.7 64-bit.

2. **Hardware Requirements:**

  • For the Application Security Monitor (ASM), a high-end processor or equivalent with at least 1 GB of RAM and 545 MB of disk space is recommended. Additional space for temporary files is required.

  • Java runtime environments supported include J9, HotSpot, and JRockit, versions ranging from 1.4.2 to 1.7.0.

3. **Software Requirements:**

  • Supported application servers include JBoss, Apache Tomcat, Oracle WebLogic, IBM WebSphere, and IIS for .NET environments. Versions vary across these platforms.

  • Java applications require versions of the .NET runtime environment corresponding to specific Windows OS versions.

4. **ArcSight Logger Software:**

  • The Logger software is certified to operate on specified Linux and Windows operating systems. A VM installation is supported, with a recommendation of 4 GB RAM per VM instance.

This document provides detailed information for system administrators to ensure compatibility and optimal performance when deploying the ArcSight Logger interface and Application Security Monitor.

The provided information outlines system requirements for both ArcSight Logger (downloadable version) and ArcSight Connector Appliance Software, focusing on CPU, memory, disk space, and operating systems compatibility. For the downloadable version of ArcSight Logger, recommended specifications include:

  • For Small to Medium Deployments: 1 or 2 x Intel Xeon Quad Core CPUs, 4 - 12 GB RAM (with a recommendation for 12 GB), and at least 10 GB disk space.

  • For Medium to Large Deployments: 2 x Intel Xeon Quad Core CPUs, 12 - 24 GB RAM (with a recommendation for 24 GB), and at least 65 GB disk space. The installation must be on a partition with sufficient disk space for Logger software.

Additional notes include:

  • Use of NFS as primary storage for events is not recommended.

  • System should have no more than two CPUs.

  • Supported browsers are Internet Explorer versions 7 and 8, and Firefox versions 3.6 and 5.0, with Adobe Flash Player plug-in required for certain features like Histogram and charts.

  • For optimal performance, avoid running other applications on the system during Logger installation. The system should not have any versions of PostgreSQL or MySQL installed.

For ArcSight Connector Appliance Software, compatible operating systems include:

  • Red Hat Enterprise Linux (RHEL) versions 5.7 and 6.1, as well as CentOS versions 5.7 and 6.1, both in a 64-bit configuration.

  • Additionally, Oracle Enterprise Linux (OEL) version 5.7 and 6.1 is also supported in the same architecture.

System requirements for these appliances involve:

  • Allocating at least 4 GB RAM per VM instance when installed virtually.

  • The total memory of all active VMs on a server should not exceed the physical memory capacity of the server.

The provided information outlines several key aspects of a VM installation setup for supporting various operating systems using products from ArcSight. Key points include system requirements for CPU, memory, disk space, browser support (with specific versions), necessary plugins, other application considerations during installation, hardware accessories required for initial configuration and equipment compatibility with the software components. Additionally, it details port and protocol usage by HP ArcSight ESM, Express, Logger, Connector Appliance, and SmartConnectors as outlined in Appendix E. Here's a summary:

1. **Operating Systems Support**: The system supports various VM installations of listed operating systems.
2. **Memory Allocation**: It is recommended to allocate at least 4 GB RAM per VM instance for optimal performance.
3. **Total Memory Constraints**: The combined memory usage across all active VMs on a server should not exceed the total physical memory available on that server.
4. **CPU and System Requirements**: The system requires either one or two Intel Xeon Quad Core CPUs, with each VM needing at least 4 GB of RAM.
5. **Disk Space Requirement**: Each VM instance must have at least 4 GB of disk space.
6. **Supported Browsers**: Compatible browsers include Internet Explorer versions 8.0 and 9.0, as well as Firefox versions 7.0 and 8.0. Adobe Flash Player is required for specific features like EPS gauges.
7. **Performance with Other Applications**: For optimal performance during installation, ensure no other applications are running on the system where ArcSight software will be installed.
8. **Hardware Accessories**: Initial configuration requires a VGA monitor, USB keyboard, and USB mouse provided by the customer.
9. **Workstation Requirements**: A Windows, Linux, or Macintosh workstation is necessary for installing the ArcSight Console. Additionally, a Linux system is required for Logger and Connector Appliance installations.
10. **Supported Platforms and Requirements**: Appendix C provides detailed information on supported platforms and requirements for all hardware and software components of the solution.
11. **Ports and Protocols**: A description of commonly used ports and protocols utilized by ArcSight ESM, Express, Logger, Connector Appliance, and SmartConnectors is provided in Appendix E.

This summary captures the essential technical details about how to set up and configure a system for deploying ArcSight products, including software requirements, browser compatibility, and hardware specifics.

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be responded to.
