Technical white paper HP CloudSystem Enterprise Integrating security with HP ArcSight Table of contents Executive summary ...
Technical white paper 10 Forwarding events to HP ArcSight ESM The HP ArcSight Logger can be used to aggregate events and forward specific events to
Technical white paper 11 We can also forward events from specific devices or device groups. In our example in Figure 10, we have created a forwarde
Technical white paper 12 Cloud Service Automation 3.1 Monitoring of events that occur in the core applications that comprise HP CloudSystem Enterpri
Technical white paper 13 The events captured from the log4j application logs will be sent to the HP ArcSight Logger and then select events can be c
Technical white paper 14 HP Virtual Connect To enable HP Virtual Connect (VC) to be monitored and viewed in HP ArcSight Logger and HP ArcSight ESM,
Technical white paper 15 Figure 14. Enabling Virtual Connect Remote System Logging • Select “Test”. By doing so, a test message is sent to the Lo
Technical white paper 16 Figure 15. Setting the ESXi Syslog.global.logHost variable • Select “OK”. • Select “Security Profile” under the “Softwa
Technical white paper 17 – In the “Firewall Properties” window, scroll down the list until you see “syslog” and select the check box to enable it
Technical white paper 18 – Optionally, you can select the “Firewall…” button, select the “Only allow connections from the following networks” radio
Technical white paper 19 Figure 19. Selection of “VMware Web Services” • Select the “Details” tab and select “Copy to File…” – Select “Next >
Technical white paper Appendix A: ASLinuxAudit.props ...
Technical white paper 20 Figure 20. Selection of “VMware Web Services” Connector • Select “true” for the “ValidateCert” option, then select “Next
Technical white paper 21 Figure 21. Example of completed Connector VMware Web Services device details – NOTE: If you get an information dialog bo
Technical white paper 22 HP TippingPoint Security Management System (SMS) Appliance The TippingPoint product has two types of devices, sensors and S
Technical white paper 23 • Select “Add” on the “Enter the device details” window and enter the following: – Host – Host name or IP address of the
Technical white paper 24 • Log into the HP TippingPoint SMS and navigate to “Admin > Server Properties > Syslog” – Select the “New…” button
Technical white paper 25 Protecting CloudSystem Enterprise Services with HP ArcSight In addition to protecting the HP CloudSystem Enterprise core c
Technical white paper 26 The zip file is then imported into Server Automation. Add a Post-Install script as seen in Figure 27 to run the silent inst
Technical white paper 27 Figure 28. Policy Items Including the ArcSightSecurityPackages policy into the MariaDB-RHEL6 and ApacheWordPress-RHEL6 po
Technical white paper 28 log4j.appender.cef1=com.hp.esp.arcsight.cef.appender.Log4jAppender log4j.appender.cef1.deviceVendor=HP log4j.appender.cef
Technical white paper 29 HP ArcSight ESM – Viewing Events with Active Channels Events can be viewed in the ESM using an Active Channel. To view eve
Technical white paper 3 Executive summary Organizations are faced with threats that could disrupt operations and critical IT services. HP CloudSyst
Technical white paper 30 Figure 33. View of Failed Logons with additional fields Click on the event to view the event details. Looking at the detai
Technical white paper 31 Zones High value assets can be grouped into Zones. A Zone is based on a range of IP Addresses which can be used as a filte
Technical white paper 32 Figure 37. ESM Query Failed Logon – General In the Fields tab we can select which event fields we want to return and displ
Technical white paper 33 Next we’ll create a query viewer that will be used to execute our Failed Logon Query. We’ve named this Query Viewer “Faile
Technical white paper 34 Rules Rules are used to trigger an Action when a specific event or event(s) occur. Keeping with our Failed Logon example we
Technical white paper 35 Cloud Security Alliance The Cloud Security Alliance is a not-for-profit organization that provides guidance, education, an
Technical white paper 36 Table 1. Security controls Control Number Description HP ArcSight Information Security – User Access Reviews IS-10 All leve
Technical white paper 37 # What would you like to do? # # Please select one of the following options : # # 0 - Add a Connector(addconnector) #
Technical white paper 38 # ========================================================= # Panel 'connectordetails' # ========================
Technical white paper For more information Learn more at hpenterprisesecurity.com/products To read more about CloudSystem Enterprise go to hp.com/
Technical white paper 4 comprehensive service automation solution. Cloud Service Automation (CSA) can leverage CloudSystem Matrix infrastructure ser
Technical white paper 5 Key Benefits • A cost-effective solution for all your regulatory compliance needs • Automated log collection and archivin
Technical white paper 6 Typical deployment scenarios Security and log event information is captured at the host and application level. Events can be
Technical white paper 7 Sending events to HP ArcSight Logger using Connectors HP ArcSight Connectors can be installed on CloudSystem Enterprise hos
Technical white paper 8 Sending events to HP ArcSight ESM using Connectors The HP ArcSight Connectors can also send CEF formatted log data directly
Technical white paper 9 Devices As systems connect to the HP ArcSight Logger, either through the UDP receiver or the SmartMessage receiver, they wi