New to ArcSight Package
Getting a new Micro Focus ArcSight SIEM installation up and running is best accomplished as a two-week sprint. By the end of this period, the client will have a functional Micro Focus ArcSight SIEM deployment that collects the most important log sources, stores them according to company retention policies and correlates events to detect and report upon potential security problems. This package also provides a comprehensive status report detailing the Micro Focus ArcSight SIEM infrastructure and a roadmap for future log source onboarding and content development. Finally, SEMplicity provides your internal personnel with substantial Micro Focus ArcSight training.
| Task | Description |
|---|---|
| Pre-Sprint Checklist | Initial conference call and follow-up to determine the checklist that should be completed prior to the start of the sprint. |
| Initial meeting with all stakeholders | Introduce product, review architecture, determine client requirements, scope project, set objectives. |
| Install ESM | Install and configure the Enterprise Security Manager, including any network-attached storage. |
| Install Loggers | Install hardware and/or software Loggers, configure retention policies and storage groups. Configure iLO. Define forwarding. |
| Install Connector Appliances or ArcMC | Create infrastructure for managing log collection. |
| Install Connectors | Install and configure up to seven SmartConnectors, implement forwarding. |
| Configure Loggers | Configure storage groups and retention on all ArcSight Loggers per company policies, implement forwarding. |
| Implement Content | Implement standard content and initial client-specific content. Configure notifications and report distribution. Define case workflow. |
| Additional Optional Tasks (if time permits) | ArcSight FlexConnector Development, Parser Overrides, SuperConnector correlated event forwarding, event count monitoring. |
In general, a New-to-ArcSight sprint is vulnerable to delays resulting from change requests. If possible, all change requests necessary to support the implementation should be complete before the engagement starts. SEMplicity will work with the client to develop a comprehensive checklist and thus ensure that the site is ready before deploying consultants.
- All Micro Focus ArcSight SIEM hardware must be on-site
- If the hardware is not racked, there must be rack space designated and available
- IP addresses for all devices must be allocated
- For software appliances, VMs should be allocated and ready for configuration
- Many log sources require configuration changes to send log records. Others require credentials to collect data via JDBC or web services. SEMplicity will determine the exact requirements for your implementation during the scoping call. Ideally, all changes should be staged or made, and all credentials acquired, before the start of the sprint.