User's guide
Technical white paper 
Table 1. Security controls 
| Control | Number | Description | HP ArcSight |
|---|---|---|---|
| Information Security – User Access Reviews | IS-10 | All levels of user access shall be reviewed by management at planned intervals and documented. For access violations identified, remediation must follow documented access control policies and procedures. | HP ArcSight ESM |
| Information Security – Incident Management | IS-24 | Policies and procedures shall be established to triage security-related events and ensure timely and thorough incident management. | HP ArcSight ESM |
| Information Security – Audit Tools Access | IS-29 | Access to, and use of, audit tools that interact with the organization's information systems shall be appropriately segmented and restricted to prevent compromise and misuse of log data. | HP ArcSight ESM |
| Information Security – Incident Response Metrics | IS-30 | Mechanisms shall be put in place to monitor and quantify the types, volumes, and costs of information security incidents. | HP ArcSight ESM |
| Security Architecture – Audit Logging / Intrusion Detection | SA-14 | Audit logs recording privileged user access activities, authorized and unauthorized access attempts, system exceptions, and information security events shall be retained, complying with applicable policies and regulations. Audit logs shall be reviewed at least daily and file integrity (host) and network intrusion detection (IDS) tools implemented to help facilitate timely detection, investigation by root cause analysis and response to incidents. Physical and logical user access to audit logs shall be restricted to authorized personnel. | HP ArcSight ESM |

Summary 
In this document we have shown how to use HP ArcSight Logger and HP ArcSight ESM to enhance security for CloudSystem
Enterprise environments. Using HP ArcSight Logger as a central repository for security and event logging, organizations can
use HP ArcSight ESM to monitor and react to security-related events. Monitoring both application and operating system
events provides organizations with a comprehensive view of the CloudSystem environment. We also discussed using HP
ArcSight Logger to aggregate events and forward specific events to HP ArcSight ESM for further analysis, investigation,
and action.

Appendix A: ASLinuxAudit.props 
The ASLinuxAudit.props file in the Server Automation Package ArcSight-5.2.7.6474.0-Connector-Linux-props.zip
(Figure 26) used for automated deployment of the ArcSight smart connector for Linux audit logger is
shown below. This file was generated by running runagentsetup.sh -i recorderui to capture user input. This
Smart Connector installation response file is configured to send events to the ArcSight Logger with a Smart Connector
configured with the name “Smart”.

# 
# Arcsight's Silent Properties File 
# 
# Please edit this file to set the desired values 
# 
# Automatically generated on Thu Jan 24 13:02:52 EST 2013 
# 
# 
# InstallAnywhere Installer Properties: 
# 
INSTALLER_UI=SILENT 
USER_INSTALL_DIR=/root/ArcSightSmartConnectors 
ARCSIGHT_AGENTSETUP_PROPERTIES=/tmp/ASLinuxAudit.props 
# ========================================================= 
# Panel 'containeroperation' 
# ========================================================= 










