© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Unlocking value with ArcSight Logger
Suresh Venkataraman, Product Line Manager
Vivek Vallachira, Team Lead, Logger R&D
HP ArcSight Next Generation Cyber Defense
[Diagram labels: Predict, Visualize, Search, Collect, Correlate, Respond; Analytics; SIEM]
Logger capabilities: Unlocking value
A look at Logger’s capabilities to help you unlock the value in your investment in Logger!
(AKA: Why attend this session?)
Dimensions for discussion
NEW Logger capabilities
• Performance
• Analytics
• Form factors
• Productivity
• Price
Performance: Why does it matter?
Performance: Customer’s requirements
“We need Logger search to be faster!”
“We need seamless data access to/from Peered Loggers.”
“We need Logger to scale.”
Performance: Super fast search
Super-fast search with super indexed Fields
Performance: Scalability – scale out
• Peer up to 20 Loggers
• Linear search speeds in Peer Deployments
Performance: Scalability – scale up
8 TB per instance
Analytics: Why does it matter?
Analytics: Field Summaries
Need screen shot from Vivek
Analytics: Static List Lookup
Need screen shot from Paul Brettle
Analytics: New Reporting Engine version
Need screen shot from Vivek
Analytics: RESTful APIs
Why APIs (interface with the product programmatically)
• Show data in a different UI
• Get data for analysis in a different product
Two kinds of web services APIs
• SOAP (will be deprecated in due course)
• RESTful
Productivity: Why does it matter?
Productivity: New Field sets, dashboards
Productivity: Search Hints
Productivity: Field Summaries
Productivity: Aggregator operators
Productivity: UI enhancements
Value priced: Why does it matter?
Lowest priced out-of-the-box log management
Predictable pricing
Simple
Logger 5.5+
• Simplified product structure
• Linear (and predictable) pricing
• Capacity counted only in GB/day;
• No devices; no storage; no users / consoles
Form factors: Why do they matter?
Form factors
Appliance
• No Challenge Response to SSH access
• FIPS compliant
• Larger addressable storage on the latest models
Software on-premise
• Smaller trial Logger
Virtualized form factor
• Deployment convenience
…and, a new mobile app!
Dimensions for discussion: Summary
NEW Logger capabilities
Performance
• Faster search
• Scalability
  - Scale up
  - Scale out
• Peered loggers
Analytics
• List lookup
• Field Summaries
• RESTful APIs
• New Reporting Engine version
Form factors
• On-prem. SW
• Virtualized
• Appliance
• Migration possibilities
• Mobile app
Productivity
• New content
• Search auto-complete
• Field Summaries/aggregators
• New UI
Price
• Simplified product structure
• Linear scaling
• Standardized capacity
• Cheapest OOB log management
For more information
Attend these sessions
• TB3123, Logger reporting, the whole reporting and nothing but the reporting
• TT3099, Leveraging super-indexed searches
• TT3589, Enriching HP ArcSight Logger search with third party information
Visit these demos
• HP ArcSight Logger – Fastest search engine for machine data
After the event
• Contact your sales rep
• Visit the new revitalized Protect724 website for product announcements, tips and tricks and connect with other users
Your feedback is important to us. Please take a few minutes to complete the session survey.
Please fill out a survey. Hand it to the door monitor on your way out.
Thank you for providing your feedback, which helps us enhance content for future events.
Session TB3290
Speakers: Suresh Venkataraman & Vivek Vallachira
Please give me your feedback
Thank you