The Windows Security Log is a morass of cryptic security events - some noise, some highly valuable indicators of security activity. The same goes for other audit logs such as for SQL Server and SharePoint.
Your auditors demand that you not only review these logs on a daily basis but monitor for suspicious events and respond in real time.
So you purchase and implement a SIEM like ArcSight. Now you can collect security logs, securely archive them, produce daily reports and configure real time alerts.
But...
- Which events do you report on?
- Which do you alert on?
- What is the significance of these events and how do you respond to them?
ArcSight is great log collection, archival, alerting and reporting but, like many other SIEMs, its knowledge about Windows security events is limited.
To solve this problem, I developed my Rosetta Audit Logging Kits. But, as many of you are aware, it’s still up to you to implement Rosetta in your own SIEM.
Until now…
ArcSight users can now get all the benefits of Rosetta and more thanks to my partnership with ArcSight experts Brook Watson and Harry Halladay of ThetaPoint.
Brook and Harry have implemented my Rosetta Audit Logging Kit in a new solution called UltimateWindowsSecurity for ArcSight.
In this webinar, Brook and I will give you a tour of UltimateWindowsSecurity for ArcSight and how it provides:
- Best practice guidance on which events to alert and report on
- Report designs you can implemented in ArcSight
- Alert specifications that include event criteria, alert text and suggested recipients
- Recommended courses of action to each alert and report
- Filter specifications so you can get rid of the noise
- Reference material for researching the implications of alerts in your environment
If you have ArcSight and need help getting the most out of it for the Windows and Active Directory environment, please join us!