Posted by2 years ago
Archived
I am interviewing for a Security Analyst position soon with a financial company. I have already been working in the field for a year or so with college education behind me as well. While I have worked with proprietary SIEMs and log correlating platforms, I have not had much experience with Splunk or Arcsight. My friend who works for this company mentioned they use both.
What are the main differences, similarities, pros, cons etc. of both Splunk and Arcsight?
Design of sending events/logs to SIEM/Arcsight. In it though in the Arcsight, this AD/DC server does send logs/ events to the Arcsight. I issued 'netstat -an 1 find ':514' ' for 3 minutes but don't. So you can combine its detailed change and configuration data with security event information in ArcSight ESM, these can. Configuring Unix or Linux to use Arcsight Information Services & Technology provides a central log repository for your syslog clients. Syslog is most commonly found on Unix and Linux systems but is also available for Windows operating systems.
Thank you for the help.
23 comments