ArcSight Connectors - Event Collection
Organizations collect log data for a variety of uses ranging from security monitoring to IT operations and from regulatory compliance to fraud detection. Event logs are generated throughout an organization in a large variety of formats.
ArcSight Connectors solve the problem of managing log records in hundreds of different formats. While the ArcSight SIEM Platform can collect log records in native formats, ArcSight Connectors provide normalization to a common format, which greatly improves reporting and analysis. By normalizing all events into one common event taxonomy, ArcSight Connectors decouple analysis from vendor selection. This approach has three significant advantages:
- Future Proofing
If a Cisco router is swapped for a Juniper router or if a new SQL database is added to a network that previously only had Oracle, no reporting or rules changes are required and the organization retains continuous visibility into all activity. - Ease of Analysis
The ArcSight common event format eliminates the need for end users to be familiar with hundreds of different log syntaxes across products. As a result, non-technical line of business users can easily conduct analysis on their own, reducing the burden on IT. - Universal Content Relevance
With the ArcSight normalized format, a report that shows “authentication failures” will cover every system automatically, even though one application may refer to authentication failures with a specific event ID while a database refers to the same as an “unsuccessful login.”
This unique architecture is supported across hundreds of commercial products out-of-the-box as well as legacy systems. ArcSight Connectors also offer various audit quality controls including secure, reliable transmission and bandwidth controls. In addition to software-based deployments, ArcSight Connectors are available in a range of plug-and-play appliances that can cost effectively scale from small store or branch office locations to large data centers. Connector appliances enable rapid deployment and eliminate delays associated with hardware selection, procurement and testing.
ArcSight Connectors
Appliance Specifications*
| Model | C1000 | C3200 | C5200 |
|---|---|---|---|
| Management | Web browser, CLI | ||
| OS | CentOS 4.6, 64-bit | Oracle Enterprise Linux 4, 64-bit | |
| Max EPS | 400 | 2,500 | 5,000 |
| CPU | 1 x Intel Celeron 220 1.2 GHz |
1 x Intel Xeon E5504 Quad Core 2.0 GHz |
2 x Intel Xeon E5504 Quad Core |
| RAM | 1GB | 6GB | 12GB |
| Cache | 120GB | 500GB | 2 x 500GB - RAID 1 |
| Chassis | Table Top | 1U | |
| Power | External 100-240 VAC |
480W - Non-Redundant 100-240 VAC |
2 x 500W - Redundant 100-240 VAC |
| Ethernet Interfaces | 1 x 10/100 | 2 x 10/100/1000 | 2 x 10/100/1000 |
| Dimensions (DxWxH) | 10.83” x 8.27” x 2.56” | 24.7” x 17.1” x 1.7” | 24.7” x 17.1” x 1.7” |
Actual performance will depend on factors specific to a user's environment.
