ArcSight Recon 1.1 User Guide
- Welcome to ArcSight Recon
- Investigating Events
- Searching for Events
- Understanding the Search Feature
- Understanding the Search Progress Indicators
- Creating and Saving Searches
- Initiating a Search from Enterprise Security Manager
- Viewing Search Results
- Modifying the Search Settings
- Exporting the Search Results
- Understanding the Search Parameters
- Understand the Types of Search Queries
- Understand the Query Syntax, Operators, and Functions
- Specify a Group of Fields
- Specify an Alias for a Field
- Specify IP Addresses and Subnets
- Include a Storage Group’s Filter in the Search Query
- Extend the Search with a Lookup List
- Use Specific Sets of Fields for Search Results
- Configure the Time Range
- Configure Preferred Settings for Searches
- Hunting for Undetected Threats
- Viewing Dashboards and Reports
- View a Dashboard
- View a Report
- Choose Default Dashboards for the Reports Portal
- Understanding the MITRE ATT&CK Dashboards and Reports
- MITRE ATT&CK Dashboards
- MITRE ATT&CK Reports
- Understanding the Cloud Security Dashboards and Reports
- Abuse and Nefarious Use of Cloud Services – Dashboards
- Account Hijacking – Dashboards and Reports
- Advanced Persistent Threats – Dashboard
- Data Breaches – Dashboards
- Data Loss – Dashboard and Reports
- Denial of Service – Dashboard
- Insecure Interfaces and APIs – Report
- Insufficient Due Diligence – Reports
- Insufficient Identity Credential and Access Management – Reports
- Malicious Insiders – Report
- System Vulnerabilities – Dashboard and Reports
- Vulnerabilities on Shared Technologies
- Understanding the Foundation Dashboards and Reports
- Entity Monitoring – Dashboards and Reports
- Events Overview – Dashboards
- Hosts Monitoring – Reports
- Malware Monitoring – Dashboard and Reports
- Network Monitoring – Dashboards and Report
- Perimeter Monitoring – Dashboards and Reports
- Vulnerability Monitoring – Dashboard and Reports
- Understanding the OWASP Security Dashboards and Reports
- Broken Access Control
- Broken Authentication
- Cross-site Scripting
- Injections
- Insecure Deserialization – Dashboards and Reports
- Insufficient Logging and Monitoring – Dashboards and Reports
- Security Misconfiguration
- Sensitive Data Exposure
- Using Components with Known Vulnerabilities – Dashboards and Reports
- XML External Entities
- Analyzing Anomalous Data with Outlier Analytics
- Generating Models to View Anomalous Data
- Considerations for Generating Models
- Defining and Building a Model
- Scoring a Model
- Deleting a Model
- Viewing Anomalous Data in a Model
- Understand the Provided Analytics Charts
- Further Investigate Anomalies
- View a Scored Model
- Managing the Quality of Your Data
- Understanding the Data Quality Insights
- Understanding How Data Quality is Calculated
- Analyzing Data Quality
- Using Visuals and Reports to Analyze Data
- Accessing Reports and Dashboards
- Scheduling Report Generation
- Designing Reports for Data Analysis
- Adding and Removing Report Content
- Import and Export Content
- Supported Data Sources
- Managing Your Stored Data
- Organizing Your Data
- Use Storage Groups to Organize and Retain Data
- Activate and Deactivate Storage Groups
- Change the Settings of a Storage Group
- Set Retention Policies for the Data
- Use Storage Group Queries in a Search
- Managing User Access and Preferences
- Assigning Permissions for Recon
- Default Permissions for Searches
- Default Permissions for Reports
- Additional Permissions for Administrators
- Default Roles for Recon
- Configuring User Preferences
- Configure Search Preferences
- Copyright Notice