Is Splunk also similar to ArcSight, as it also captures different logs and provides reports? If they are both similar, then which one is better suited in terms of easy implementation/configuration?
Regards,
Aseem

On Wed, Apr 8, 2009 at 3:40 AM, Randal T. Rioux <[email protected]> wrote:

> On Tue, April 7, 2009 4:15 am, [email protected] wrote:
> > Dear All,
> >
> > I was wondering if anyone has any standard rules and policies which can be instantly deployed & added to Arcsight ESM for monitoring Windows, UNIX, database and network devices. I understand the rules vary and are specific to the OS and n/w devices. We have to set up the rules and commission Arcsight in our company. If anyone has prior hands-on experience using Arcsight, or if you have any literature, please share. Also, if you have any docs on how to set up rules on the Tripwire tool for file integrity checking, please share the information. Thank you in advance.
>
> ArcSight doesn't so much depend on rules, like an IDS. The agents just grab log/event data and the main engine fondles it to make pretty charts and correlations. The real benefit is in writing/modifying policies to get you the info you want. Write me offlist if you'd like help with anything ArcSight.
>
> As for Tripwire, that very much depends on your environment. Here is a good tutorial:
>
> http://www.linuxjournal.com/article/8758
>
> Also, if you haven't already implemented Tripwire, give Osiris and Samhain a look.
>
> Randy

--
Love enables you to put your deepest feelings and fears in the palm of your partner's hand, knowing they will be handled with care.
