PCI Image Viewer Map for ArcSight ESM
- Pavan Raja

- Apr 9, 2025
Summary:
The text provided seems to be related to configuring and managing software tools used in security operations, specifically within the context of SIEM (Security Information and Event Management), Logger, ESM (Enterprise Security Manager), and possibly other similar systems. Here's a breakdown of the main points from the text:
1. **Editing `.jlx` and `.properties` files**: This involves modifying configuration files for software tools where `jlx` might be an extension used by certain software, likely related to SIEM or logging tools, while `.properties` files are commonly used for storing settings in Java-based applications. The instructions suggest replacing a path within these files, possibly for updating or configuring the tool's properties or preferences.
2. **Error message about maximum number of channels**: This error is specific to a software application that manages multiple "channels" (likely representing different data sources or views), and it advises how to adjust a configuration setting to increase the limit from 10 to 20 open channels, likely by modifying `console.default.properties`.
3. **Creating a new Image Viewer Map**: This refers to using an image editing feature within the ArcSight Console software. The steps involve opening the Image Editor, selecting "New Image Entry", and following on-screen prompts for map creation.
4. **Image Editing Steps**: These are general guidelines for manipulating images through the Image Editor within the ArcSight Console:
   - Open an image file as a background.
   - Resize the image to fit the screen without distortion.
   - Add controls like charts that reference saved filters, using help features for guidance.
   - Optionally, explore additional channels or images for deeper analysis.
   - Save and view the edited image with appropriate filters applied.
5. **SIEM Value from Heterogeneous Device Logging**: This highlights the strategic importance of collecting logs from multiple devices to derive comprehensive insights in cybersecurity management.
6. **EPS Calculations**: A table is mentioned that provides rough EPS estimates for various devices, possibly used for energy efficiency assessments or purchasing decisions.
7. **Customer branding and Logger/ESM**: Inquires about the ability to include customer logos within these systems, suggesting customization options.
Overall, these points are focused on practical operational aspects within a security operations environment, particularly around configuring and managing software tools like SIEM systems, log management, and image editing for better visualization of data.
Details:
This document, titled "New PCI Image Viewer Map for ArcSight ESM," is a tutorial and update on enhancing existing content related to image viewers in ArcSight ESM (Enterprise Security Manager) version 5.0. The author, Gary Freeman, explains that while the earlier versions of the software had limitations with their image viewer map features, version 5.0 introduces improvements such as drill-down capabilities between dashboards which were not available previously.
The document includes updated Visio templates for customizing Image Viewer Maps by adding customer logos or renaming elements on the drawings. It serves as a guide to assist users in effectively utilizing the image viewer map feature, particularly those who might have faced difficulties accessing support for similar functionalities from previous versions of the software.
The document provides an overview of various tools used in conjunction with Image Viewer Maps within a system, specifically related to event management for PCI compliance. Key details include:
**Tools Used:**
**ESM 5.0 Patch 1 Image Viewer Maps**: A specific version of the image viewer map tool utilized for mapping and visualizing events.
**Visio 2010**: A diagramming and vector graphics application used to create templates or diagrams related to network configurations, event layouts, etc.
**Notepad++**: A lightweight text editor that supports multiple languages including C, C++, Java, HTML, XML, ASP, SQL, Batch files, Config files, and more. It is often preferred for its performance and minimalism compared to other full-featured editors.
**Constraints:**
The document highlights several limitations of the Image Viewer Maps:
**First Iteration of Dashboards**: As a first iteration, it may be replaced by Image Dashboards in the future.
**Resource Intensity**: These maps are resource-intensive, creating an active channel for each plotted chart object (e.g., displaying events on multiple countries would lead to numerous active channels).
**Local User Settings**: Changes made to these maps are local and must be distributed or synchronized across users, unlike more collaborative tools where updates can be viewed by all authorized users.
**Image Editor Limitations**: The included Image Editor is rudimentary with minimal online help and user interface, requiring administrative hacks (editing admin.ast file) to enable it.
**Installation Process:**
Before extracting the zip file for the Image Viewer Maps, remove or rename an existing directory if necessary as per specific instructions in the document. This step ensures compatibility when installing the new maps.
Extract the zip file into the designated path within the ArcSight Console setup. Verify this installation by checking the existence of directories and subdirectories specified in the document.
Set up and start the ESM 5.0 demo VM, then configure it to send PCI 2.3 events to ESM (Replay Connector).
Finally, open the ArcSight Console and load the designated channel for all active events, allowing selection of Image Viewer Maps as needed.
These steps outline how to prepare and install specific tools and configurations necessary for utilizing the Image Viewer Maps effectively within a system designed for PCI compliance event management.
The text describes the process to load an Image Viewer Map for PCI using "ArcNet-Retail" in the ArcSight Console, ensuring that the images are functioning correctly by drilling down on chart objects displaying PCI metrics. It then explains the components and functions of an Image Viewer, specifically mentioning the ESM (Enterprise Security Manager), JLoox charting engine files (JLX and Properties), and PNG files for image rendering with options like BMP, GIF, JPG, and Visio templates. The text also advises creating a copy of the ArcNet-Retail directory to modify the Visio templates and save the PNG images back into the same directory.
The text discusses new .VSD files in an "Arcnet-Retail" folder, which are Visio 2010 templates designed for customizing Image Viewer drill-downs. These templates allow users to customize elements of the maps and export them as PNG format. While no tutorial is provided on how to edit these templates in Visio (Visio's ribbon bar made it difficult), some tips are given:
1. The template dimensions were measured in points, equivalent to 1011 pixels x 636 pixels. If the size of the drawing changes, both the JLX and Properties files must be adjusted accordingly.
2. Changes in the location of blank squares hosting chart objects also require adjustments in the JLX and Properties files. This can be done through the console Image Editor.
3. Changing image formats such as GIF, BMP, or JPG requires changes to both the JLX and Properties files using a text editor for search and replace operations.
4. When creating new drawings for potential new Image Viewer Maps, it's important to consider the number of chart objects; keep this under 10 to avoid negatively impacting demo performance.
5. For those interested in the ESM Image Editor process (for logical network drawing customization similar to PCI Demo), instructions are provided: try to obtain the original Visio format for editing, use Visio to export as a PNG with default settings, and close any ArcSight Console instance before proceeding.
These tips aim to assist users in customizing and managing their Image Viewer Map templates effectively within Visio 2010.
To enable an image editor in ArcSight Console on a prospect's computer, follow these steps:
1. On the prospect's computer where the ArcSight Console is installed, edit the "admin.ast" file by adding the line `console.ui.imageEditor=true`.
2. Save the file and restart the ArcSight Console. Log in as the admin user.
3. In the ArcSight Console, go to the Views menu and select Image Editor. You will now have access to an empty image editor palette.
Frequently Asked Questions:
1. Images not loading on Image Viewer Maps: Ensure the correct path for images is set to "c:/arcsight/Console/lib/resources/views/ArcNet-Retail". If the path differs, edit `.jlx` and `.properties` files associated with ArcNet-Retail by replacing the old path with the new one in Notepad++.
2. Error message about maximum number of channels exceeded: The default is 10 open channels; increase this to 20 by modifying `console.default.properties`.
3. Creating a new Image Viewer Map: Use the Image Editor within the ArcSight Console, select "New Image Entry" and follow the on-screen prompts to create a map.
By following these steps and using the FAQs provided, you should be able to resolve common issues related to image editing in the ArcSight Console.
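A scripted version of the search-and-replace from FAQ 1, which also reports image references that no longer resolve (the symptom of the format change in tip 3 above); this is an added example, not part of the original document or of ArcSight. It assumes the old path appears as literal text in the `.jlx` and `.properties` files and that the images sit in the map directory itself; the function names are hypothetical.

```python
import re
import shutil
import sys
from pathlib import Path

# Default image path quoted in the FAQ; every other name here is an assumption.
DEFAULT_PATH = "c:/arcsight/Console/lib/resources/views/ArcNet-Retail"
CONFIG_EXTS = (".jlx", ".properties")
IMAGE_REF = re.compile(r"[\w.-]+\.(?:png|gif|bmp|jpe?g)\b", re.IGNORECASE)


def config_files(map_dir):
    return sorted(f for f in Path(map_dir).iterdir()
                  if f.suffix.lower() in CONFIG_EXTS)


def repoint_image_paths(map_dir, old_path=DEFAULT_PATH, dry_run=False):
    """Replace old_path with map_dir; return {file name: references rewritten}."""
    new_path = Path(map_dir).as_posix()
    # Accept / or \ (single or doubled) between segments, in any letter case.
    pattern = re.compile(
        r"[\\/]+".join(map(re.escape, re.split(r"[\\/]+", old_path))),
        re.IGNORECASE)
    changed = {}
    for f in config_files(map_dir):
        # latin-1 maps bytes 1:1, so encoding and line endings are preserved.
        text = f.read_bytes().decode("latin-1")
        new_text, count = pattern.subn(lambda m: new_path, text)
        if new_text == text:
            continue
        changed[f.name] = count
        if not dry_run:
            shutil.copy2(f, f.with_name(f.name + ".bak"))  # keep a backup
            f.write_bytes(new_text.encode("latin-1"))
    return changed


def missing_images(map_dir):
    """Image names referenced by the config files but absent from map_dir."""
    present = {p.name.lower() for p in Path(map_dir).iterdir()}
    referenced = set()
    for f in config_files(map_dir):
        referenced.update(IMAGE_REF.findall(f.read_bytes().decode("latin-1")))
    return sorted(n for n in referenced if n.lower() not in present)


if __name__ == "__main__":  # dry run against the directory given as argument
    print(repoint_image_paths(sys.argv[1], dry_run=True), missing_images(sys.argv[1]))
```

The new path is written with forward slashes because a backslash is an escape character in Java `.properties` files.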
To summarize the provided text, here's a step-by-step guide on how to manipulate an image using an Image Editor:
1. Open the file dialog to select an image as your background.
2. Resize the selected image to fit the screen without skewing it.
3. Add controls such as pie and bar charts that reference saved filters. Use the help feature within each option to understand how to add and populate these controls.
4. Optionally, drill down into other channels or additional images for more detailed analysis.
5. Once satisfied with your edits, save the image using the customer's name by clicking the Save icon on top of the Image Editor.
6. To view the saved image, go to an Active Channel (Demo Live works) and click on the Channel Viewer type icon at the bottom right. Select "Image Viewer > {customerName}" and ensure that the selected filters for chart types are populated with data.
7. Save the final version of your work using the customer's name.
8. For viewing, navigate to the Active Channel, select Image Viewer, and choose "{customerName}". Check that all relevant filters are correctly displayed in the charts.
9. (Note: This is not a comprehensive tutorial; Gary Freeman may be able to answer specific questions or provide further assistance.)
The text provided is a collection of various items related to different topics within the context of SIEM (Security Information and Event Management), Logger, ESM (Enterprise Security Manager), and Jive SBS®. Here's a summary of each item:
1. **Unix Logging Configuration Cheatsheet**: This refers to a guide or reference for configuring Unix-based systems to log information effectively, which is useful in the context of SIEM tools where heterogeneous device logging can provide valuable data for security monitoring and analysis.
2. **The SIEM Value Derived from Heterogeneous Device Logging**: This highlights the importance of collecting logs from various (heterogeneous) devices or systems to derive meaningful insights and value from them, which is crucial in modern cybersecurity practices where multiple sources are often involved.
3. **EPS Calculations - Table of devices and rough eps estimates - GF**: This seems to be a table with estimations for EPS (Energy Performance Score) for various devices. The "GF" could potentially stand for the individual or company providing the estimation, possibly indicating that it's a generic or rough calculation rather than detailed analysis.
4. **Customer branding (logos) in Logger and ESM?**: This question pertains to whether customer logos can be included in the Logger and ESM systems. It could imply an inquiry about customization options for user interface elements like logos within these software applications.
