What's also blogworthy is the fact that if you're an existing customer and want to upgrade, you're stuck until August when ArcSight releases the upgrade-capable installers with SP1. Or, like with 3.5, you can pay their pro services team to do the upgrade for you before then. Anyway, I'm spoiling the feature list here:
Key features of ArcSight ESM v4.0 include:

Identity Correlation
ArcSight ESM v4.0 identity correlation can model the typical behavior of groups, machines, or individuals (as reflected in events) and provides a framework to access any other form of session data through mappings with dynamic variables. This information can be used or shown in rules, reports, active lists, active channels, and data monitors.

Improved Asset Management & Scalability
ArcSight ESM v4.0 introduces the ability to manage up to one million assets while maintaining performance, including maintaining memory usage in-line, processing, correlation, and ensuring sustained EPS (events per second).

Trend Reporting & Report Generation Performance
Trend Reporting enables the ready historical trending often required for regulatory compliance reporting. Trend reporting can track a trend over a specified period of time, and highlight changes in risks or threats during that period. Trend reporting improves report generation performance for regularly scheduled reports by tracking trends over a user-specified time and by keeping the data easily accessible.

New Report and Template Designer
ArcSight ESM v4.0 provides a new, more powerful and highly flexible reporting system. You can use this design capability to create well-defined reports for different scenarios or audiences. This feature offers options for unique queries and to define the overall look-and-feel for presenting information. These new features include the ability to report on several data queries simultaneously, using multiple charts and grids in one report. Report formats, layout, and overall look-and-feel can be customized to your needs.

Historical Correlation
ArcSight ESM v4.0 enhances the Verify Rules with Events capability (previously known as Replay with Rules) so you can define actions based on processing historical data through the correlation engine.

ArcSight Packages
ArcSight ESM v4.0 introduces a new feature called packages. A package is an ArcSight resource that acts as a portable container for group resources or content (e.g., rules, filters, data monitors, reports, etc).

Resource Validation Enhancements
ArcSight ESM v4.0 enhances resource validation beyond rule- and network-modeling, adding the ability to validate cross-resource dependencies automatically, and interactively, through the Console. This enables the ArcSight Manager to detect resource conflicts introduced during resource modification, creation, upgrading or importing.

ArcSight ESM v4.0 64-bit
The 64-bit JVM version of ArcSight ESM v4.0 will be made available as part of a controlled release. Customers who are interested in participating should contact Technical Support for additional information.

Do you use their Log Management product Logger as well? If so (or if not), what do you see as the difference between ESM and Logger?
See my response from today.
Hi Paul,
I would like to ask if you know of any resources I can reference for ArcSight correlation rules authoring.
In particular, I am looking for Web App and VOIP Security. Thanks in advance.