The Activate Approach

Activate Philosophy

Activate is primarily based on the philosophy of supporting the Security Team, from the part-time, one-person security technician to a full-scale, 24x7 Security Operations Center. From the beginning, the goal has been to create actionable content for security analysts. As the Activate Framework and security teams mature, the goal is shifting from essential, actionable content to common security monitoring needs and metrics.

The ArcSight Activate Framework is an end-to-end security monitoring approach. It starts with your protected systems and security devices, continues through your SmartConnector deployment and tuning, the content, and the evaluation of your security process workflow, and completes the cycle with a feedback and gap analysis loop. This is expressed by the adaptation of the Multi-Sensor Data Fusion Model. It also tracks activity across the phases of the ArcSight Attack Life Cycle. The attack life cycle, in combination with Defense Monitoring in Depth, allows for content metrics and gap analysis in the feedback level.

Activate Data Fusion Model

The Activate Data Fusion Model is the core of how the content integrates the events and enriches them. This makes it possible to advance from data to information, then to knowledge.

Activate Attack Life Cycle

The Activate Attack Life Cycle tracks systems and entities as they are exposed to activity across the various attack phases.

Activate Defense Monitoring in Depth

The Activate Defense Monitoring in Depth provides a structure for evaluating events relative to the Defense in Depth concept.

Activate Indicators and Warnings Categories

The Activate Indicators and Warnings categories describe all the possible events that can come from a device.

Activate Methodologies

The Activate Methodologies describe the various components available to Activate content developers.

Activate User Stories, Use Cases and Epics

The Activate User Stories, Use Cases and Epics provide insight into how content is arranged.

Activate Framework Best Practices

The Activate Framework Best Practices provide a guide for deploying ArcSight ESM and related components.

-- GeorgeBoitano - 21 Jan 2016
Topic revision: r8 - 05 Feb 2018, PrenticeHayes


 


Activate Wiki 2.1.0.0
