#MicroFocusCyberSummit


Data Simplicity: ArcSight Data Platform enhances enterprise data via the Common Event Format
Peter Titov, Micro Focus
#MicroFocusCyberSummit

Agenda
- Usage: What do we ask of our data?
- Ingestion: How do we get our data where it needs to go?
- Management: Where is the easiest place to manage data?
- Solutions: Why I can have my cake and eat it too.

ADP: Hold up! Wait a minute. What is ADP, what is included with it, and what is CEF?
- ADP (ArcSight Data Platform) components: SmartConnector (Ingest), ArcMC (Manage), Event Broker (Route), Logger (Immutable storage)
- CEF: Common Event Format

Normalized Data vs Raw Data: Usage
- Normalized data: ideal for real-time correlation and for known requests (reports, dashboards, filters, lists, etc.)
- Raw data: ideal for hunting expeditions into the unknown, and for compliance mandates

Normalized Data vs Raw Data: Ingestion
Normalization of raw data: regardless of when the data is analyzed, normalization will occur in some fashion. Data will be formatted, data will be read, data will be interpreted.
Approaches to normalization:
- Pre-ingest formatting: parsing upstream, as close as possible to the log source; the weight of normalization is on the SmartConnector.
- Post-ingest modeling: parsing downstream, as close as possible to the log destination; the weight of normalization is on the indexer.

Normalized Data vs Raw Data: Management
- Transport
- Encrypt or obfuscate
- Enrich
- Aggregate
- Secure
- Under budget

Normalized Data vs Raw Data: Challenges
- Events are lumped together
- ArcSight fields are not indexed and/or are inaccurately captured
- Aggregated ArcSight data compounds this problem
- Indexing terabytes of data is exceptionally costly

Normalized Data vs Raw Data: Platform Solutions
- Elastic: ArcSight X-Pack
- Splunk: ArcSight Integrator
- Sumo: CEF Syslog parsing
- HDFS: Data Lake vs Data Warehouse

Platform Solutions: Elastic & ArcSight X-Pack
- Fully normalized data aligned to CEF via Logstash
- Aggregate data for faster searching
- Machine learning & analytics
- Awesome visualizations via Kibana
- Additional data routing and ETL capabilities
- Best part: it's bundled with Elastic when installed!!!

ADP & Elastic: Implementation
- Download and install Elastic: https://www.elastic.co/downloads
- Point ArcSight Connectors or Event Broker/Kafka to Logstash: https://www.elastic.co/guide/en/logstash/current/arcsight-module.html
- Helpful guide for beginning your journey: https://community.softwaregrp.com/t5/arcsight-user-discussions/elasticsearch-installationand-arcsight-module-configuration/m-p/1616812

Platform Solutions: Splunk & ArcSight Integrator
- Fully normalized data aligned to CEF
- Aggregating data drastically reduces Splunk licensing
- Splunk & ArcSight syntax similarities: share content quickly and easily between platforms
- Increased efficiency of Splunk performance
- Simply add the ArcSight Integrator and point CEF Syslog at it, or consume a CEF Kafka topic.

ADP & Splunk: Powerful Together
The Splunk Processing Language and ArcSight Interactive Search share many similarities. A unified schema enables the cross-pollination of query syntax, e.g. the same "top destinations for one source" question in both:
  ArcSight: sourceaddress="10.0.0.1" | top destinationaddress
  Splunk:   index=arcsight AND sourceaddress="10.0.0.1" | top destinationaddress

ADP & Splunk: Aggregation Testimonial
- Reduced license utilization by 83% for one feed (from 9,000 to 1,500)
- $1.35 million in savings from this one example*
*Based upon ESM license pricing

ADP & Splunk: Implementation
Add the ArcSight Technology Add-on (TA) for your ingest method:
- Splunk_TA_ArcSight_Integrator_for_SmartConnectors (https://splunkbase.splunk.com/app/4133/): CEF Syslog destinations
- Splunk_TA_ArcSight_Integrator_for_EB_or_Kafka (https://splunkbase.splunk.com/app/4135/): Kafka topic of CEF data
- https://splunkbase.splunk.com/app/4136/
- Optional: leverage the Splunk_SA_ArcSight_Integrator (Support Add-on) for CEF-based dashboards and queries
- Configure connectors to aggregate data per the included instructions
- Link to Protect724 for the Splunk Add-On
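As an added example (not code from the presentation, ArcSight, or any Splunk add-on), the following Python shows the two mechanisms the Ingestion slide and the aggregation slides rely on: pre-ingest normalization of a CEF-over-syslog line into ArcSight-style fields, and connector-style aggregation that collapses identical events into one record carrying a count, which is what shrinks the licensed volume. The CEF header layout, escaping rules and the src/dst/dpt/act field mapping follow the CEF specification; the sample lines, the "Acme" device and the aggregation key set are constructed for the example.

```python
import re
from collections import Counter
# Constructed sample CEF-over-syslog lines (not from the presentation); the first three
# differ only in syslog timestamp, so connector-style aggregation collapses them to one.
SAMPLE_LINES = [
    "<134>Oct 10 10:00:01 fw01 CEF:0|Acme|Firewall|1.0|100|Connection denied|5|src=10.0.0.1 dst=192.168.1.10 dpt=445 act=deny",
    "<134>Oct 10 10:00:02 fw01 CEF:0|Acme|Firewall|1.0|100|Connection denied|5|src=10.0.0.1 dst=192.168.1.10 dpt=445 act=deny",
    "<134>Oct 10 10:00:03 fw01 CEF:0|Acme|Firewall|1.0|100|Connection denied|5|src=10.0.0.1 dst=192.168.1.10 dpt=445 act=deny",
    "<134>Oct 10 10:00:04 fw01 CEF:0|Acme|Fire\\|wall|1.0|200|Policy updated|3|src=10.0.0.2 act=allow msg=rule a\\=b changed",
]
HEADER = ["cefVersion", "deviceVendor", "deviceProduct", "deviceVersion", "deviceEventClassId", "name", "severity"]
# Subset of the CEF short-key to ArcSight field-name mapping.
CEF_TO_ARCSIGHT = {"src": "sourceAddress", "dst": "destinationAddress", "dpt": "destinationPort", "act": "deviceAction"}
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|$)")  # key=value pairs; values may contain spaces
UNESCAPE = {"\\=": "=", "\\\\": "\\", "\\n": "\n", "\\r": "\r"}

def split_header(cef):
    """Split the seven pipe-delimited header fields on unescaped '|'; the remainder is the raw extension."""
    parts, cur, i = [], "", 0
    while i < len(cef) and len(parts) < 7:
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):  # \| and \\ are literal characters inside header fields
            cur += cef[i + 1]; i += 2; continue
        if ch == "|":
            parts.append(cur); cur = ""
        else:
            cur += ch
        i += 1
    parts.append(cef[i:])
    return parts

def parse_extension(ext):
    fields = {}
    for key, value in EXT_RE.findall(ext):
        value = re.sub(r"\\(.)", lambda m: UNESCAPE.get(m.group(0), m.group(1)), value)
        fields[CEF_TO_ARCSIGHT.get(key, key)] = value  # unknown keys keep their CEF name
    return fields

def normalize(line):
    """Pre-ingest normalization: one CEF syslog line -> dict of ArcSight-style fields."""
    idx = line.find("CEF:")
    parts = split_header(line[idx + 4:]) if idx >= 0 else []
    if len(parts) != 8:
        raise ValueError("not a well-formed CEF line: %r" % line)
    event = dict(zip(HEADER, parts[:7]))
    event.update(parse_extension(parts[7]))
    return event

AGG_KEYS = ("deviceVendor", "deviceProduct", "deviceEventClassId", "name", "sourceAddress", "destinationAddress", "destinationPort", "deviceAction")

def aggregate(events):
    """Collapse events identical on AGG_KEYS into one record carrying baseEventCount (illustrative)."""
    counts = Counter(tuple(e.get(k) for k in AGG_KEYS) for e in events)
    return [dict(zip(AGG_KEYS, key), baseEventCount=n) for key, n in counts.items()]
```

Running `aggregate([normalize(l) for l in SAMPLE_LINES])` turns four inbound lines into two records, which is the same trade the 9,000-to-1,500 testimonial describes: the indexer stores the count, not every repeat.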

Platform Solutions: Sumo & CEF Syslog
- Fully normalized data aligned to CEF
- Aggregating data reduces Sumo licensing
- Increased efficiency of Sumo performance

Platform Solutions: HDFS
(slide diagram: Data Warehouse; Data Lake vs Data Warehouse)

Final Thoughts
At the end of the day, we are all on the same team:
- When platforms collaborate, they become a force multiplier for their customers.
- Everyone wins: users have faster searches AND managers have lower costs.
- Big data means thinking big and looking at the big picture.

Contact: Peter Titov
Peter.Titov@microfocus.com
Peter.Titov@gmail.com
(412)-720-7938
#MicroFocusCyberSummit
Thank You.
