The Integration of Cisco Identity Services Engine with the HP ArcSight SIEM
The first research was related to the integration of Cisco Identity Services Engine (ISE) with the existing HP ArcSight SIEM, which was already implemented at the Security Operations Center for the security of client systems. There are two different approaches that can be used to integrate Cisco ISE with the HP ArcSight SIEM. Cisco ISE can be used as a source of contextual user data related to the security incidents happening on the network. It is used for the user attribution of each security incident and can provide user information such as IP address, user name, user class details, device details and other posture details. I was assigned the responsibility to study both approaches and suggest one for implementation depending on the advantages and disadvantages. The first approach was based on the direct integration of the APIs of the two integrating applications.
HP ArcSight has three important components:
• Enterprise Security Manager (ESM): ESM is the most important component of HP ArcSight. This is where all the thinking and analysis take place. ESM identifies all the incidents and threats, which are then presented to the security analysts via reports.
• Logger: Logger is used to collect and store logs from any machine in the client network.
• Connector: Connectors help automate the collection of data and logs into the Logger. As the name suggests, they act as connectors between different source machines and Loggers to enable the flow of