The ArcSight Manager is a correlation engine, so it is desirable to have it correlate events from as many different security devices as possible. One common logging method is to send high-volume support events, such as DNS, DHCP and proxy, to the ArcSight Loggers and then bring specific items into the Manager when an alert is triggered.
An example of this is when IDS and firewall events are not all sent to ArcSight Manager but reside in the ArcSight Logger. This API would help search the Loggers for a specified IDS alert on activity that was permitted to a host, and bring in the related parameter events for a rule that triggers.
Network security is greatly enhanced, as this tool saves analysts valuable time and allows them to investigate more events in a shorter period.