Difference: L1PhysicalSecurityResources (r2 vs. r1)

Resources for L1PhysicalSecurityResources

The following describes all resources included for this package. If you modify a resource, we suggest adding a comment in the Description field. If you create a new resource, please add it to the appropriate table below.

Packges

Resource NamePathDescription
L1 - Physical Security - Indicators and Warnings /All Packages/ArcSight Activate The package contains resources related to L1 Physical Security Use cases and User Stories

Active Channels

Resource NamePathDescription
All Badge Access Denied Events All Active Channels/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/All Badge Access Denied Events This active channel shows all the events for which the Badge access has been denied.
All Badge Access Granted Events All Active Channels/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/All Badge Access Granted Events This active channel shows all the events for which the Badge access has been granted.

Field Sets

Resource NamePathDescription
Physical Security Badge Access All /All Field Sets/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/ This fieldset consists of necessary fields for Physical Security package.

Global Variables

Resource NamePathDescription
accessDeniedMultipleDoorId /All Fields/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/accessDeniedMultipleDoorId This global variable looks for the Badge ID from Badge Access Denied on Multiple Doors active list.
accessDeniedSameDoorId /All Fields/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/accessDeniedMultipleDoorId This global variable looks for the Badge ID from the Badge Access Denied on Same Door Active list.

Files

Filters

Resource NamePathDescription
Filter NamePathDescription
All Badge Access Events/All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/All Badge EventsThe filter identifies all the Badge Access Events.
Badge Access Denied Events/All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Denied EventsThe filter identifies all the Badge Access Denied Events.
Badge Access Granted Events/All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Granted EventsThe filter identifies all the successful Badge Access Granted events.
Badge Rejected at Same Door/All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Denied on Same DoorThe filter identifies the events where the Badge Access was Denied at the same door.
Invalid Card Format Events/All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Invalid Card Format EventsThe filter identifies events for Invalid Card format.
Badge Access Granted but No Entry Taken Events/All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Granted but No Entry Taken Events The filter identifies events where the Badge Access was Granted but no entry was taken.

Integration Commands

Targets

Configurations

Active Lists

Resource NamePathDescription
All Badge Access Activity /All Active Lists/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/All Badge Access Activity This Active List is populated by the lightweight rule Badge Access Events Details. The list stores information related to every badge access activity including user and device details. By default, the active list stores information for 24 hours.
Badge Access Denied on Multiple Doors /All Active Lists/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Denied on Multiple Doors This Active List is populated by the standard rule Badge Access Denied on Multiple Doors. The list stores minimal information related to badge access denied on multiple doors within specific time frame. By default, the active list stores information for 24 hours.
Badge Access Denied on Same Door /All Active Lists/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Denied on Same Door This Active List is populated by the standard rule Badge Access Denied on the Same Door. The list stores minimal information related to badge access denied on the same door within specific time frame. By default, the active list stores information for 24 hours.

Session Lists

Notifications

Query Viewers

Reports

Queries

Trends

Archives

Templates

Session Lists

Rules

Resource NamePathDescription
Badge Access Denied on Multiple Doors /All Rules/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Denied on Multiple Doors This rule triggers a correlation event in the Triage channel when badge access denied on multiple doors reaches a threshold. The rule adds details to Badge Access Denied on Multiple Doors Active List.
Badge Access Denied on Same Door /All Rules/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Denied on Same Door This rule triggers a correlation event in the Triage channel when badge access denied on same door reaches a threshold. The rule adds details to Badge Access Denied on Same Door Active List.
Badge Access Event Details /All Rules/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Event Details This light weight rule triggers upon any badge access activity and adds details to All Badge Access Activity Active List.

Stages

-- GeorgeBoitano - 26 Jan 2016

View topic | View difference side by side | History: r7 < r6 < r5 < r4 | More topic actions
 
This site is powered by FoswikiCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback