VMware VCLOUD REQUEST MANAGER 1.0.0 User Guide

Technical white paper
HP CloudSystem Enterprise
Integrating security with HP ArcSight
Table of contents
Executive summary ... 3
HP CloudSystem Enterprise overview ... 3
HP CloudSystem Enterprise supply layer ... 3
HP CloudSystem Enterprise demand and delivery: HP Cloud Service Automation ... 3
HP CloudSystem Enterprise components ... 4
HP ArcSight overview ... 4
Enterprise Security Manager ... 4
HP ArcSight Logger ... 5
HP ArcSight Connectors ... 5
Typical deployment scenarios ... 6
Sending events in RAW and CEF format to HP ArcSight Logger ... 6
Sending events to HP ArcSight Logger using Connectors ... 7
Sending events to HP ArcSight ESM using Connectors ... 8
Devices ... 9
Grouping devices ... 9
Forwarding events to HP ArcSight ESM ... 10
Protecting HP CloudSystem Enterprise components with HP ArcSight ... 11
Cloud Service Automation 3.1 ... 12
Matrix Operating Environment ... 13
Server Automation ... 15
VMware ESXi 5 Host ... 15
Networking ... 21
HP TippingPoint Security Management System (SMS) Appliance ... 22
Protecting CloudSystem Enterprise Services with HP ArcSight ... 25
HP LAMP solution ... 25
Working with events ... 27
Searching the HP ArcSight Logger ... 27
HP ArcSight ESM – Viewing Events with Active Channels ... 29
Zones ... 31
Queries ... 31
Rules ... 34
Cloud Security Alliance ... 35
Summary ... 36

Content summary

Page 1 - HP CloudSystem Enterprise

Technical white paper HP CloudSystem Enterprise Integrating security with HP ArcSight Table of contents Executive summary ...

Page 2

Technical white paper 10 Forwarding events to HP ArcSight ESM The HP ArcSight Logger can be used to aggregate events and forward specific events to

Page 3 - Executive summary

Technical white paper 11 We can also forward events from specific devices or device groups. In our example in Figure 10, we have created a forwarde

Page 4 - HP ArcSight overview

Technical white paper 12 Cloud Service Automation 3.1 Monitoring of events that occur in the core applications that comprise HP CloudSystem Enterpri

Page 5 - HP ArcSight Connectors

Technical white paper 13 The events captured from the log4j application logs will be sent to the HP ArcSight Logger and then select events can be c

Page 6 - Typical deployment scenarios

Technical white paper 14 HP Virtual Connect To enable HP Virtual Connect (VC) to be monitored and viewed in HP ArcSight Logger and HP ArcSight ESM,

Page 7

Technical white paper 15 Figure 14. Enabling Virtual Connect Remote System Logging • Select “Test”. By doing so, a test message is sent to the Lo

Page 8

Technical white paper 16 Figure 15. Setting the ESXi Syslog.global.logHost variable • Select “OK”. • Select “Security Profile” under the “Softwa

Page 9 - Grouping devices

Technical white paper 17 – In the “Firewall Properties” window, scroll down the list until you see “syslog” and select the check box to enable it

Page 10 - Technical white paper

Technical white paper 18 – Optionally, you can select the “Firewall…” button, select the “Only allow connections from the following networks” radio

Page 11

Technical white paper 19 Figure 19. Selection of “VMware Web Services” • Select the “Details” tab and select “Copy to File…” – Select “Next >

Page 12 - Cloud Service Automation 3.1

Technical white paper Appendix A: ASLinuxAudit.props ...

Page 13 - Matrix Operating Environment

Technical white paper 20 Figure 20. Selection of “VMware Web Services” Connector • Select “true” for the “ValidateCert” option, then select “Next

Page 14

Technical white paper 21 Figure 21. Example of completed Connector VMware Web Services device details – NOTE: If you get an information dialog bo

Page 15

Technical white paper 22 HP TippingPoint Security Management System (SMS) Appliance The TippingPoint product has two types of devices, sensors and S

Page 16 - • Select “OK”

Technical white paper 23 • Select “Add” on the “Enter the device details” window and enter the following: – Host – Host name or IP address of the

Page 17

Technical white paper 24 • Log into the HP TippingPoint SMS and navigate to “Admin > Server Properties > Syslog” – Select the “New…” button

Page 18

Technical white paper 25 Protecting CloudSystem Enterprise Services with HP ArcSight In addition to protecting the HP CloudSystem Enterprise core c

Page 19

Technical white paper 26 The zip file is then imported into Server Automation. Add a Post-Install script as seen in Figure 27 to run the silent inst

Page 20

Technical white paper 27 Figure 28. Policy Items Including the ArcSightSecurityPackages policy into the MariaDB-RHEL6 and ApacheWordPress-RHEL6 po

Page 21

Technical white paper 28 log4j.appender.cef1=com.hp.esp.arcsight.cef.appender.Log4jAppender log4j.appender.cef1.deviceVendor=HP log4j.appender.cef

Page 22

Technical white paper 29 HP ArcSight ESM – Viewing Events with Active Channels Events can be viewed in the ESM using an Active Channel. To view eve

Page 23

Technical white paper 3 Executive summary Organizations are faced with threats that could disrupt operations and critical IT services. HP CloudSyst

Page 24

Technical white paper 30 Figure 33. View of Failed Logons with additional fields Click on the event to view the event details. Looking at the detai

Page 25

Technical white paper 31 Zones High value assets can be grouped into Zones. A Zone is based on a range of IP Addresses which can be used as a filte

Page 26 - Figure 27. Policy Properties

Technical white paper 32 Figure 37. ESM Query Failed Logon – General In the Fields tab we can select which event fields we want to return and displ

Page 27 - Working with events

Technical white paper 33 Next we’ll create a query viewer that will be used to execute our Failed Logon Query. We’ve named this Query Viewer “Faile

Page 28

Technical white paper 34 Rules Rules are used to trigger an Action when a specific event or event(s) occur. Keeping with our Failed Logon example we

Page 29

Technical white paper 35 Cloud Security Alliance The Cloud Security Alliance is a not-for-profit-organization that provides guidance, education, an

Page 30

Technical white paper 36 Table 1. Security controls Control Number Description HP ArcSight Information Security – User Access Reviews IS-10 All leve

Page 31

Technical white paper 37 # What would you like to do? # # Please select one of the following options : # # 0 - Add a Connector(addconnector) #

Page 32

Technical white paper 38 # ========================================================= # Panel 'connectordetails' # ========================

Page 33

Technical white paper For more information Learn more at hpenterprisesecurity.com/products To read more about CloudSystem Enterprise go to hp.com/

Page 34

Technical white paper 4 comprehensive service automation solution. Cloud Service Automation (CSA) can leverage CloudSystem Matrix infrastructure ser

Page 35

Technical white paper 5 Key Benefits • A cost-effective solution for all your regulatory compliance needs • Automated log collection and archivin

Page 36 - Summary

Technical white paper 6 Typical deployment scenarios Security and log event information is captured at the host and application level. Events can be

Page 37

Technical white paper 7 Sending events to HP ArcSight Logger using Connectors HP ArcSight Connectors can be installed on CloudSystem Enterprise hos

Page 38

Technical white paper 8 Sending events to HP ArcSight ESM using Connectors The HP ArcSight Connectors can also send CEF formatted log data directly

Page 39 - For more information

Technical white paper 9 Devices As systems connect to the HP ArcSight Logger, either through the UDP receiver or the SmartMessage receiver, they wi
