Difference: HowActivateApproach (r6 vs. r5)

r6 - 23 May 2017 - 19:01 - PrenticeHayes r5 - 10 May 2017 - 14:34 - PrenticeHayes

The Activate Approach


Activate Philosophy


Activate is primarily based on the philosophy of supporting the Security Team, from the part-time, one-person security technician to a full-scale, 24x7 Security Operations Center. From the beginning, the goal has been to create actionable content for security analysts. As the Activate Framework and security teams mature, the goal is shifting from essential, actionable content to common security monitoring needs and metrics.


The ArcSight Activate Framework is an end-to-end security monitoring approach. It starts with your protected systems and security devices, continues through your SmartConnector deployment and tuning, the content, and the evaluation of your security process workflow, and completes the cycle with a feedback and gap analysis loop. This is expressed by the adaptation of the Multi-Sensor Data Fusion Model. The framework also tracks activity across the phases of the ArcSight Attack Life Cycle. The attack life cycle, in combination with Defense Monitoring in Depth, allows for content metrics and gap analysis in the feedback level.


Activate Data Fusion Model


The Activate Data Fusion Model is the core of how the content integrates the events and enriches them. This makes it possible to advance from data to information, then to knowledge.


Activate Attack Life Cycle


The Activate Attack Life Cycle tracks systems and entities as they are exposed to activity across the various attack phases.


Activate Defense Monitoring in Depth


The Activate Defense Monitoring in Depth provides a structure for evaluating events relative to the Defense in Depth concept.


Activate Methodologies


The Activate Methodologies describe the various components available to Activate content developers.


Activate Framework Best Practices


The Activate Framework Best Practices provides a guide for deploying ArcSight ESM and related components.

-- GeorgeBoitano - 21 Jan 2016
