Cybersecurity
DevOps Cloud
IT Operations Cloud
Features and Benefits:
ArcSight Recon 1.5.1 provides a modern log management and compliance solution powered by a high-performance, column-oriented, clustered database. The Search feature helps you investigate security issues by viewing search results and identifying outlier events. The Reports Portal, which includes OWASP content, enables you to hunt for undetected threats as well as create charts and dashboard to visualize filtered data with tables, charts, and gauges. This update includes some key capabilities that bring us closer to Logger parity especially with regards to key features such as event data immutability and search operators.
Features and benefits
The features that will be available with this release are:
Enhanced search capabilities that provide analysts with more options to view data e.g. linear or log scale; the ability to drill down on matching events by clicking on a histogram bar; the ability to select an event and open the event inspector which provides additional details for research purposes; the Search Home tab provides a high-level view of your Search activity providing a list of all your session (non-saved) searches as well as widgets that show the state of saved search queries, saved search criteria, saved search results, field sets, and lookup lists.
New search operators such as ‘wheresql’ provide powerful threat hunting capabilities for complex searches such as: detecting plain text credit cards in events; executable names; .dll prefixes etc.
Search operator chaining allows for the construction of a complex query statement by chaining together multiple search operators into a single query instead of implementing separate queries. This powerful capability lets you perform robust, real-world searches while providing the flexibility to customize searches for specific scenarios.
The import and export of saved search queries and criteria is now possible by using a compressed JSON file. The saved search queries contain only the specified query expression, ready for you to load into a new search at any time.
The ArcSight Database now enforces the immutability of events once they are received from data sources, thus ensuring that not even the most privileged database administrator can modify or delete an event. This is achieved through a new database-native capability that rejects commands to modify or delete events for all users. This capability is built in such a way that it does not interfere with the configured retention policies.
The ArcSight Administrator now has an out of the box Data Processing Monitoring dashboard that contains a Database Event Ingestion Timeline widget useful for monitoring the rate of event ingestion into the database. This widget can also be used in custom dashboards by other users who are in a role that has the Access Database Monitoring Overview permission.
See: ArcSight Search Operators Guide - YouTube
Operational Details:
The Standard Delivery method for our software is electronic. New orders receive a link via email where the software can be downloaded, which is specific to the order.
Language Availability: English |
|
*New Orders and Updates |
*Internals and |
|||
Commercial Customers (Worldwide) |
|
|||
Product Support Lifecycle Information: |
|
Lifecycle Table: |
Lifecycle Policy: |
View our Product Support Lifecycle table to see specific details and support lifecycle dates for your product. |
View the details of our new Product Support Lifecycle policy. |
Licensing Strategy: |
|
Licensing Technology |
AutoPass |
New Implementation, a license key required |
Yes |
Update from previous version, new license key required |
No |
Additional License Information |
N/A |