
Security and Privacy Services

ArcSight ITS Training


Lab 5 – Working with Filtering
8 August 2013

This study source was downloaded by 100000805244265 from CourseHero.com on 04-20-2022 07:49:28 GMT -05:00

https://www.coursehero.com/file/38701088/Lab-5-Filterspdf/
Lab 4.1 – Working with Filters

Table of Contents
Section 1 - Lab Objectives ........ 3
Section 2 - Working with Filters ........ 4

Legend

Notation or important step or note. For example, the objective for each section.

Observation for the preceding step.

Deloitte Confidential and Proprietary (Page 2 of 6)

Section 1 - Lab objectives


The objective of this lab is as follows:

- Work with simple filters
- Use Active Lists in filters
- Use subnets in filters
- Use ranges in filters


Section 2 - Working with Filters


Section Objectives
In this section you will work with filters and get an understanding of
the logical foundation that is used in ESM functionality.

Filter lab 1 - Guided


Create a filter for an Active Channel as follows (Note: A filter for Active Channel defines a
match):

- I want to only see all MS-SQL attack events from all IDS (regardless of vendors)
  targeted at systems in the network 198.198.0.0/16

The instructions are as follows:

1. In the Navigator click on Filters (Ctrl + Alt + F)

2. Right click on your folder and create a filter "Filter lab 1"


3. Click on Filter and add the following filter


Filter lab 2
Create a filter, that will be used for an Active Channel, with the following condition:

- Filter out all low priority events (< 5);
- Filter out all Microsoft devices with the attacker address 10.0.113.187; and
- Filter out all Snort devices

Filter lab 3
Create a filter, that will be used for a Rule, with the following condition:

- Filter out all low priority events (< 5); And
- Attacker Address is in Active List /All Active Lists/_Training/training attackers
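The three lab conditions written as boolean predicates over constructed sample events, as an added example that is not part of the lab material (the event field names and the Active List entries are assumptions, not ESM's real schema). It shows the point the lab is built on: an Active Channel filter defines what matches, so every condition phrased as "filter out" has to be negated before it is combined.

```python
import ipaddress

# Constructed sample events; field names are assumptions modelled on the
# lab's conditions, not ESM's event schema.
EVENTS = [
    {"id": 1, "name": "MS-SQL Slammer probe", "device_type": "IDS", "device_vendor": "Cisco",
     "target_address": "198.198.20.5", "attacker_address": "10.0.113.187", "priority": 8},
    {"id": 2, "name": "MS-SQL Slammer probe", "device_type": "IDS", "device_vendor": "Snort",
     "target_address": "10.1.1.1", "attacker_address": "172.16.0.9", "priority": 8},
    {"id": 3, "name": "Failed logon", "device_type": "OS", "device_vendor": "Microsoft",
     "target_address": "198.198.1.1", "attacker_address": "10.0.113.187", "priority": 6},
    {"id": 4, "name": "Failed logon", "device_type": "OS", "device_vendor": "Microsoft",
     "target_address": "198.198.1.1", "attacker_address": "10.0.113.200", "priority": 3},
    {"id": 5, "name": "SSH brute force", "device_type": "IDS", "device_vendor": "Cisco",
     "target_address": "198.198.2.2", "attacker_address": "10.0.113.200", "priority": 6},
]

# Stand-in for /All Active Lists/_Training/training attackers (constructed entries).
TRAINING_ATTACKERS = {"10.0.113.187", "10.0.113.188"}


def in_subnet(address, cidr):
    """Subnet condition: true when the address falls inside the CIDR block."""
    return ipaddress.ip_address(address) in ipaddress.ip_network(cidr)


def lab1(e):
    # Channel filter defines a MATCH: MS-SQL attacks from any IDS (vendor ignored)
    # targeted at 198.198.0.0/16.
    return ("MS-SQL" in e["name"] and e["device_type"] == "IDS"
            and in_subnet(e["target_address"], "198.198.0.0/16"))


def lab2(e):
    # Each "filter out" item is an exclusion; the event survives only if none holds,
    # i.e. NOT low AND NOT (Microsoft with that attacker) AND NOT Snort.
    low = e["priority"] < 5
    ms_from_host = e["device_vendor"] == "Microsoft" and e["attacker_address"] == "10.0.113.187"
    snort = e["device_vendor"] == "Snort"
    return not (low or ms_from_host or snort)


def lab3(e):
    # Rule filter: drop low priority AND require the attacker to be in the Active List.
    return e["priority"] >= 5 and e["attacker_address"] in TRAINING_ATTACKERS


def matching_ids(flt, events=EVENTS):
    """Apply a filter predicate and return the ids of the events it lets through."""
    return [e["id"] for e in events if flt(e)]
```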
