What's also blogworthy is the fact that if you're an existing customer and want to upgrade, you're stuck until August when ArcSight releases the upgrade-capable installers with SP1. Or, like with 3.5, you can pay their pro services team to do the upgrade for you before then. Anyway, I'm spoiling the feature list here:
Key features of ArcSight ESM v4.0 include:

Identity Correlation
ArcSight ESM v4.0 identity correlation can model the typical behavior of groups, machines, or individuals (as reflected in events) and provides a framework to access any other form of session data through mappings with dynamic variables. This information can be used or shown in rules, reports, active lists, active channels, and data monitors.

Improved Asset Management & Scalability
ArcSight ESM v4.0 introduces the ability to manage up to one million assets while maintaining performance, keeping memory usage, processing, and correlation in line and ensuring sustained EPS (events per second).

Trend Reporting & Report Generation Performance
Trend Reporting enables the ready historical trending often required for regulatory compliance reporting. Trend reporting can track a trend over a specified period of time and highlight changes in risks or threats during that period. It improves report generation performance for regularly scheduled reports by tracking trends over a user-specified time and keeping the data easily accessible.

New Report and Template Designer
ArcSight ESM v4.0 provides a new, more powerful and highly flexible reporting system. You can use this design capability to create well-defined reports for different scenarios or audiences. This feature offers options for unique queries and for defining the overall look-and-feel for presenting information. These new features include the ability to report on several data queries simultaneously, using multiple charts and grids in one report. Report formats, layout, and overall look-and-feel can be customized to your needs.

Historical Correlation
ArcSight ESM v4.0 enhances the Verify Rules with Events capability (previously known as Replay with Rules) so you can define actions based on processing historical data through the correlation engine.

ArcSight Packages
ArcSight ESM v4.0 introduces a new feature called packages. A package is an ArcSight resource that acts as a portable container for group resources or content (e.g., rules, filters, data monitors, reports, etc.).

Resource Validation Enhancements
ArcSight ESM v4.0 enhances resource validation beyond rule- and network-modeling, adding the ability to validate cross-resource dependencies automatically and interactively through the Console. This enables the ArcSight Manager to detect resource conflicts introduced during resource modification, creation, upgrading, or importing.

ArcSight ESM v4.0 64-bit
The 64-bit JVM version of ArcSight ESM v4.0 will be made available as part of a controlled release. Customers who are interested in participating should contact Technical Support for additional information.
Do you use their Log Management product Logger as well? If so (or if not), what do you see as the difference between ESM and Logger?

See my response from today.

Hi Paul,
I would like to ask if you know of any resources I can reference for ArcSight correlation rules authoring. In particular, I am looking for Web App and VOIP Security. Thanks in advance.