SourceFire High Impact Correlated Intrusion Event Use Case

  • Writer: Pavan Raja
  • Apr 9

Summary:

This document outlines how ArcSight clients can integrate Sourcefire IPS and RNA to enhance network intrusion detection, redefining the default impact flag event attribute from 'Unknown' (0) in standalone Sourcefire implementations. The combination with Enterprise Security Manager (ESM) assigns a specific impact value and color for better assessment and response to potential threats.

Details:

This document provides an overview of how ArcSight clients can utilize Sourcefire IPS and RNA together to monitor and evaluate the effects of network intrusion events on their IT environment. The combination of these technologies changes the default impact flag event attribute from 'Unknown' (0) in standalone Sourcefire IPS or Snort implementations, giving it a specific impact value and color that can be used in Enterprise Security Manager (ESM) use cases for better assessment and response to potential threats.
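
As an added illustration (not code from the original post, Sourcefire or ArcSight), the sketch below models how RNA host data moves an intrusion event's impact flag from the standalone default of 0 to one of the documented levels 1-4, which a correlation rule can then filter on. The host map, monitored range, event tuples, function names and the "red only" threshold are constructed assumptions, and only the destination host is evaluated.

```python
import ipaddress
from dataclasses import dataclass, field

# Impact levels and colors as Sourcefire documents them; 0 is the standalone default.
IMPACT = {0: ("Unknown", "gray"), 1: ("Vulnerable", "red"),
          2: ("Potentially Vulnerable", "orange"),
          3: ("Currently Not Vulnerable", "yellow"),
          4: ("Unknown Target", "blue")}

@dataclass
class Host:
    """Hypothetical stand-in for an RNA host profile."""
    open_ports: set = field(default_factory=set)  # {(proto, port)} seen by RNA
    vuln_sids: set = field(default_factory=set)   # rule SIDs mapped to host vulns

# Constructed sample data: monitored range and RNA network map.
MONITORED = [ipaddress.ip_network("10.1.0.0/16")]
HOST_MAP = {
    "10.1.5.20": Host({("tcp", 80), ("tcp", 443)}, {1001}),
    "10.1.5.21": Host({("tcp", 22)}),
}

def impact_flag(dst_ip, proto, dst_port, sid):
    """Return the impact level (0-4) for one intrusion event."""
    addr = ipaddress.ip_address(dst_ip)
    if not any(addr in net for net in MONITORED):
        return 0                      # outside RNA visibility: stays Unknown
    host = HOST_MAP.get(dst_ip)
    if host is None:
        return 4                      # monitored network, but no host profile
    if sid in host.vuln_sids:
        return 1                      # rule maps to a vulnerability on this host
    if (proto, dst_port) in host.open_ports:
        return 2                      # targeted service is running
    return 3                          # host known, targeted port not open

def high_impact(events, levels=frozenset({1})):
    """Keep only events whose flag is in `levels` (assumed threshold: red only)."""
    return [e for e in events if impact_flag(*e) in levels]

# Constructed events: (dst_ip, proto, dst_port, rule SID)
EVENTS = [("10.1.5.20", "tcp", 80, 1001), ("10.1.5.20", "tcp", 443, 2002),
          ("10.1.5.21", "tcp", 80, 1001), ("10.1.9.9", "tcp", 80, 1001),
          ("192.0.2.7", "tcp", 80, 1001)]

if __name__ == "__main__":
    for e in EVENTS:
        flag = impact_flag(*e)
        print(e, flag, *IMPACT[flag])
```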

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be responded to.

@2021 Copyrights reserved.