Resources for L1PhysicalSecurityResources

The following describes all resources included for this package. If you modify a resource, we suggest adding a comment in the Description field. If you create a new resource, please add it to the appropriate table below.

Packages

Resource Name Path Description
L1 - Physical Security - Indicators and Warnings /All Packages/ArcSight Activate The package contains resources related to L1 Physical Security Use cases and User Stories

Active Channels

Resource Name Path Description
All Badge Access Denied Events /All Active Channels/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/All Badge Access Denied Events This active channel shows all the events for which the Badge access has been denied.
All Badge Access Granted Events /All Active Channels/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/All Badge Access Granted Events This active channel shows all the events for which the Badge access has been granted.

Field Sets

Resource Name Path Description
Physical Security Badge Access /All Field Sets/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/ This fieldset consists of necessary fields for Physical Security package.

Global Variables

Resource Name PathSorted ascending Description
accessDeniedMultipleDoorId /All Fields/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/accessDeniedMultipleDoorId This global variable looks for the Badge ID from Badge Access Denied on Multiple Doors active list.
accessDeniedSameDoorId /All Fields/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/accessDeniedMultipleDoorId This global variable looks for the Badge ID from the Badge Access Denied on Same Door Active list.

Filters

Filter Name Path Description
All Badge Events /All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/All Badge Events The filter identifies all the Badge Access Events.
Badge Access Denied at the Same Door /All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Denied at the Same Door The filter identifies the events where the Badge Access was Denied at the same door.
Badge Access Granted Events /All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Denied Events The filter identifies all the Badge Access Denied Events.
Badge Access Granted But No Entry Taken Events /All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Granted But No Entry Taken Events The filter identifies events where the Badge Access was Granted but no entry was taken.
Badge Access Granted Events /All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Granted Events The filter identifies all the successful Badge Access Granted events.
Invalid Card Format Events /All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Invalid Card Format Events

The filter identifies events for Invalid Card format.

Active Lists

Resource Name Path Description
All Badge Access Activity /All Active Lists/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/All Badge Access Activity This Active List is populated by the lightweight rule Badge Access Events Details. The list stores information related to every badge access activity including user and device details. By default, the active list stores information for 24 hours.
Badge Access Denied on Multiple Doors /All Active Lists/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Denied on Multiple Doors This Active List is populated by the standard rule Badge Access Denied on Multiple Doors. The list stores minimal information related to badge access denied on multiple doors within specific time frame. By default, the active list stores information for 24 hours.
Badge Access Denied on Same Door /All Active Lists/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Denied on Same Door This Active List is populated by the standard rule Badge Access Denied on the Same Door. The list stores minimal information related to badge access denied on the same door within specific time frame. By default, the active list stores information for 24 hours.

Rules

Resource Name Path Description
Badge Access Denied on Multiple Doors /All Rules/Real-time Rules/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Denied on Multiple Doors This rule triggers a correlation event in the Triage channel when badge access denied on multiple doors reaches a threshold. The rule adds details to Badge Access Denied on Multiple Doors Active List.
Badge Access Denied on Same Door /All Rules/Real-time Rules/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Denied on Same Door This rule triggers a correlation event in the Triage channel when badge access denied on same door reaches a threshold. The rule adds details to Badge Access Denied on Same Door Active List.
Badge Access Event Details /All Rules/Real-time Rules/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Event Details This light weight rule triggers upon any badge access activity and adds details to All Badge Access Activity Active List.
Topic revision: r7 - 13 Feb 2020, DatNguyen


 


Activate Wiki 2.1.0.0

This site is powered by FoswikiCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback