SmartConnectors
Active Channels
Dashboards & Reports
Rules
Investigation
100
A hardware solution provided by HP that hosts SmartConnectors with a web-based interface.
What is a Connector Appliance?
100
The types of timestamps used in Active Channels.
What are finite and dynamic?
100
Two of the various formats that can be used to display information on Dashboards.
What are: - table? - bar graph? - pie chart?
100
The action used to send emails to the team in the event of an alert.
What is Send Notification?
100
Basic Dashboard and Report investigation can be done from this ArcSight component.
What is ArcSight Command Center?
200
The two ways we fetch and/or receive most logs in our ArcSight implementation.
What are Windows and syslog SmartConnectors?
200
The portion of the Active Channel that shows a graphical representation of the events in the channel.
What is the radar?
200
Allow users to get quick summaries that would normally be represented in Active Channels.
What are Query Viewers?
200
The conditions that have to be met in order for a Rule to fire.
What are criteria?
200
These are used to save common conditions for searching within Loggers.
What is a saved filter?
300
The normalized data schema used by ArcSight.
What is CEF? (Common-Event-Format)
300
Can be used to look up LanSweeper data related to, or query the reputation of, a field within the Active Channel, and are global to the ESM environment.
What are Integration Commands?
300
Two ways to provide data for a Dashboard.
What are Data Monitors and Query Viewers?
300
Used to build conditions for Rules; common conditions are easily defined.
What are filters?
300
These are used to display relevant information when researching events within Loggers and ESM.
What are Field Sets?
400
One of the bulk operations made available by using remote management of SmartConnectors.
What is: - upgrading the SmartConnector? - adding/deleting/editing a destination? - updating run-time parameters on a destination?
400
Can be used to look up information related to an IP address displayed in an Active Channel and is local to each ESM Console installation.
What are Tools?
400
Can be used to display data on both Dashboards and Reports.
What is a Query?
400
The number of repeating events that must be met in order for a Rule to fire.
What is a threshold?
400
This feature allows for searching for events across all Loggers within the environment.
What is peering?
500
Allows remote management of SmartConnectors.
What is a Connector Appliance?
500
A tool that can be used to further filter data within an Active Channel without changing the configuration of the current Channel.
What is the Investigate option?
500
The two ways reports can be run.
What are on-demand and scheduled?
500
The four event types within ESM.
What are base, aggregated, correlation, and action?
500
The most common method for reviewing events in the course of investigation.
What is an Active Channel?
ArcSight Jeopardy!