Welcome to the ArcSightActivate Wiki

This web contains the canonical new version of the ArcSight Activate web. If you are writing customer-facing Activate documentation, you have come to the right place. Welcome!

All documentation is publically viewable.

You only need an account if you are a developer or editor that needs to add to or update this documentation . There will be an export of this wiki for those who have their own, internal FOSwiki installations.


What is ArcSight Activate?

ArcSight Activate is a modular content development methodology and a collection of reusable components designed to quickly deploy and develop actionable use cases. Activate enables you to implement and customize packaged use cases without having to reinvent the wheel. But just as important, it empowers you to develop your own use cases leveraging library of reusable components, standardized deployment tactics, methodology and defined best practices. Via its comprehensive framework and ever growing list of packages, Activate allows new ArcSight implementations to deliver value quickly while providing more mature sites with a methodology for continuous adaptation and improvement.

This wiki contains everything you need to know about Activate:
  • If you are evaluating Activate, see our Why Activate? section for a comprehensive introduction to the benefits Activate provides to both new and mature ArcSight implementations
  • To get started with Activate, see our How to Activate section for guides on both the methodology and complete Framework installation and configuration instructions.
  • To quickly implement various use cases, see our Activate Packages section to see the current list of packages available, each with a full set of installation and configuration instructions and guides to all included ArcSight resources.

Finally, in the left sidebar there is an expandable tree allowing you to quickly navigate to the Activate topic of interest to you. Browse the documentation, install the Framework and implement the packages you need, and you will find yourself with a modular, reusable foundation for all your ArcSight content going forward. Welcome to Activate!

Starting with ArcSight Activate

ArcSight Activate provides two tracks allowing both new and advanced users to use the content and framework.

New users will start by following the User Track . They will be introduced to the basics of running a SIEM. This track focuses on requirements like configuring the end devices to send required information, and configuring the ArcSight SmartConnectors. The track also covers the installation process and components.

Advanced users that are ready to develop in the framework can follow the development track. Typically, developers have gone through Analyst training, use case development training and/or content development training through ArcSight University. The developer track will show you what content to create, how to reuse shared components and where to save your content. It will also go over all components of an ArcSight Activate package and how to deliver it so that it can be shared.

The diagram below shows the documentation flow for each track.

DocumentationFlow.jpg

Creating New Packages

  • We have created templates for new packages and their resources, so that each package looks alike. Please feel free to suggest modifications to these templates, or just to modify them yourself if you see a way to improve them.
  • Because of the use of templates, to create a new package, you should go to the main Packages page and use the text box to create a new Package topic. There are naming instructions on that page.
  • The new page should contain a link to a new Packages Resources child page.

Other editing Topics.

  • Your instructions here!

This topic: ArcSightActivate > WebHome
Topic revision: 29 Sep 2017, PrenticeHayes
 
This site is powered by FoswikiCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback