ArcSight Reports
8/10/2019 ArcSight Reports.pdf
1/11
ArcSight 6.4.5.77 (3504), CentOS 7.3
1-1- ArcSight
Attack Count by Severity
Attacks by Attacker
Attacks for a Day
Attacks for a Target
Top 10 Attack Signatures
Top 10 Attacked Hosts
Top 10 Intruders
Trend Report for a Specific Event
Destination IP Address Report
Event Name Report
Events for an IP (Source or Target)
Notification Log
Severity Trend by Day
1: Event Severity Trend Reports
3: Event Type/Category Trend Reports
4: Alerts Trend Reports
Rolling Year Summary
Report modification and authoring
Bots, Worms, and Virus Reporting
Hacker Detection
Bandwidth Hogs and Policy Violation Reporting
Unauthorized Application and System Access Detection
VPN Sneak Attack Detection
System and User Impact
Compliance Audit Support
ArcSight 5.3
1-1- Device Monitoring
AntiVirus
o Errors Detected in Anti-Virus Deployments
o Failed Anti-Virus Updates
o Top Infected Systems
o Update Summary
o Virus Activity by Hour
Cross Device
o Bandwidth Usage by Hour
o Bandwidth Usage by Protocol
o Accounts Created by User Account
o Configuration Changes by Type
o Configuration Changes by User
o Failed Login Attempts
o Failed Logins by Destination Address
o Failed Logins by Source Address
o Failed Logins by User
o Login Event Audit
o Password Changes
o Successful Logins by Destination Address
o Successful Logins by Source Address
o Successful Logins by User
o Top Bandwidth Hosts
o Top Hosts by Number of Connections
Database
o Database Errors and Warnings
Firewall
o Denied Connections by Address
o Denied Connections by Port
o Denied Connections per Hour
IDS-IPS
o Alert Counts by Device
o Alert Counts by Port
o Alert Counts by Severity
o Alert Counts by Type
o Alert Counts per Hour
o Top Alert Destinations
o Top Alert Sources
o Top Alerts from IDS and IPS
o Worm Infected Systems
Identity Management
o Connection Counts by User
Network
o Device Critical Events
o Device Errors
o Device Events
o Device Interface Down Notifications
o Device Interface Status Messages
o Device SNMP Authentication Failures
Operating System
o Login Errors by User
o User Administration
VPN
o Authentication Errors
o Connection Counts by User
o Connections Accepted by Address
o Connections Denied by Address
o Connections Denied by Hour
2-1- Foundation
Configuration Monitoring
o Accounts Created by User
o Accounts Deleted by User
o Accounts Deleted by Host
o Anti-Virus Updates-All-Failed
o Anti-Virus Updates-All-Summary
o Asset Startup and Shutdown Event Log
o Device Configuration Changes
o Device Configuration Events
o Device Misconfiguration Events
o Device Misconfigurations
o Password Changes
o Vulnerability Scanner Logs by Host
o Vulnerability Scanner Logs by Vulnerability
Intrusion Monitoring
o Device Interface Down Notification
o Firewall Traffic by Service
o Least Common Events
o Most Common Events
o Most Common Events by Severity
o Probes on Blocked Ports by Source
o Security DashBoardReport
o SecurityDBReport
o Top IDS Attack Events
o Top IDS Events
o Top Machines Traversing Firewall
o Top Web Traffic
o Windows Events
o Worm Infected Systems
Attackers
o Bottom Sources
o Source Counts by Destination
o Source Counts by Destination Port
o Source Counts by Device
o Source Counts by Device Severity
o Source Counts by Source Port
o Source Port Counts
o Top 10 Talkers
o Top Attack Sources
o Top Attacker Detail
o Top Attacker Details
o Top Attacker Ports
o Top Attackers
o Top Sources Detected by Snort
o Top Sources Traversing Firewalls
Resource Access
o Access Events by Resources
o Least Common Accessed Ports
o Resource Access by Users Failure
o Resource Access by Users Successes-Attempts
o Top Machines Accessing the Web
Targets
o Attacks Events by Destination
o Bottom Destinations
o Bottom Targets
o Destination Counts by Device Severity
o Destination Counts by Event Name
o Target Counts by Severity
o Target Counts by Source
o Target Counts by Source Port
o Target Counts by Target Port
o Target Port Counts
o Top Destination Ports
o Top Destination Across Firewalls
o Top Destination in IDS Events
o Top Targets
User Tracking
o Common Account Login Failures by Source
o Number of Failed Logins
o Top User Logins
o Top Users with Failed Logins
o User Activity
Netflow Monitoring
o Daily Bandwidth Usage
o Hourly Bandwidth Usage
o Top Bandwidth Usage by Destination
o Top Bandwidth Usage by Destination Port
o Top Bandwidth Usage by Source
Network Monitoring
o Top VPN Accesses by User
o Top VPN Event Destinations
o Top VPN Event Sources
o Top VPN Events
o Traffic Statistics
o VPN Connection Attempts
o VPN Connection Failures
3-1- SANS Top 5
Attempts to Gain Access through Existing Accounts
o Number of Failed Logins
o Top Users with Failed Logins
Failed File or Resource Access Attempts
o Failed Resource Access by User
o Failed Resource Access Events
Unauthorized Changes to Users, Groups and Services
o Account Modification
o Password Changes
o User Account Creations
o User Account Deletions
o User Account Modifications
Systems Most Vulnerable to Attack
o Vulnerability Scanner Logs by Host
o Vulnerability Scanner Logs by Vulnerability
Suspicious or Unauthorized Network Traffic Patterns
o Alerts from IDS
o IDS Signature Destinations
o IDS Signature Sources
o Top 10 Talkers
o Top 10 Types of Traffic
o Top Alerts from IDS
o Top Destination IPs
o Top IDS Signature Destinations
o Top IDS Signature Sources
o Top Target IPs
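The failed-login reports named above (Number of Failed Logins and Top Users with Failed Logins under the SANS Top 5 category, Failed Logins by Source Address under Cross Device) are counts over authentication events that ArcSight receives in CEF from its SmartConnectors. The following is an added example, not code from the page or from ArcSight, that parses a few constructed CEF records and computes those three reports. It assumes a failed login is an event whose outcome extension is "failure" or whose categoryOutcome ends in "/Failure"; the sample events, the helper names and that classification rule are all assumptions of the example.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample input (not from the original page): CEF records of the kind
# ArcSight SmartConnectors forward; three Windows logon events and two sshd events.
SAMPLE_EVENTS: List[str] = [
    r"CEF:0|Microsoft|Windows|2016|4625|An account failed to log on|5|suser=alice src=10.0.0.5 dhost=dc01 outcome=failure",
    r"CEF:0|Microsoft|Windows|2016|4625|An account failed to log on|5|suser=alice src=10.0.0.5 dhost=dc01 outcome=failure",
    r"CEF:0|Microsoft|Windows|2016|4625|An account failed to log on|5|suser=bob src=10.0.0.9 dhost=dc01 outcome=failure",
    r"CEF:0|Microsoft|Windows|2016|4624|An account was successfully logged on|3|suser=alice src=10.0.0.5 dhost=dc01 outcome=success",
    r"CEF:0|OpenSSH|sshd|7.4|sshd:auth|Failed password|5|suser=root src=203.0.113.7 dhost=bastion outcome=failure msg=Failed password for root",
    r"CEF:0|OpenSSH|sshd|7.4|sshd:auth|Failed password|5|suser=root src=203.0.113.7 dhost=bastion outcome=failure msg=Invalid key a\=b from 203.0.113.7",
]

_HEADER_FIELDS = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")
_UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")           # a '|' that is not escaped as '\|'
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")  # 'key=' at start of extension or after whitespace


def _unescape(value: str) -> str:
    # CEF escapes '|' in the header and '=' in extension values with a backslash.
    return value.replace(r"\|", "|").replace(r"\=", "=").replace("\\\\", "\\")


def parse_cef(line: str) -> Dict[str, str]:
    """Parse one CEF line into its seven header fields plus extension key/value pairs."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    parts = _UNESCAPED_PIPE.split(line, maxsplit=7)
    if len(parts) < 7:
        raise ValueError("CEF header must have 7 pipe-separated fields")
    event = {k: _unescape(v) for k, v in zip(_HEADER_FIELDS, parts[:7])}
    event["version"] = event["version"][len("CEF:"):]
    extension = parts[7] if len(parts) == 8 else ""
    # Extension values may contain spaces, so each value runs from its '=' up to the
    # next unescaped 'key=' token; a '\=' inside a value is a literal '='.
    keys = list(_EXT_KEY.finditer(extension))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(extension)
        event[m.group(1)] = _unescape(extension[m.end():end].strip())
    return event


def is_failed_login(event: Dict[str, str]) -> bool:
    """Assumed classification rule: outcome=failure or an ArcSight categoryOutcome of .../Failure."""
    return (event.get("outcome", "").lower() == "failure"
            or event.get("categoryOutcome", "").endswith("/Failure"))


def failed_login_report(lines: List[str]) -> Dict[str, object]:
    """Compute the three failed-login reports from raw CEF lines."""
    failed = [e for e in (parse_cef(l) for l in lines) if is_failed_login(e)]
    return {
        "Number of Failed Logins": len(failed),
        "Top Users with Failed Logins": Counter(e.get("suser", "<unknown>") for e in failed).most_common(),
        "Failed Logins by Source Address": Counter(e.get("src", "<unknown>") for e in failed).most_common(),
    }


if __name__ == "__main__":
    for title, rows in failed_login_report(SAMPLE_EVENTS).items():
        print(f"== {title} ==")
        print(rows)
```

The successful 4624 logon is excluded by the outcome check, and the extension parser keeps "Invalid key a=b" intact because the escaped "\=" is not treated as a key separator; the same parser can feed any of the other per-user or per-address reports listed above by changing the extension field that is counted.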