
ESM 7 Distributed Correlation, by Paul MacGyver Carman, Global Technical Security Sales Engineer (PowerPoint presentation, #MicroFocusCyberSummit)



  1. ESM 7 Distributed Correlation. Paul MacGyver Carman, Global Technical Security Sales Engineer. #MicroFocusCyberSummit

  2. Confidential information. This is a rolling (up to three year) Roadmap and is subject to change without notice. This Roadmap contains Confidential Information of Micro Focus and/or its affiliates (“Micro Focus”), and is subject to change without notice. If you have a valid Confidential Disclosure Agreement (“CDA”) with a Micro Focus entity, use of the Roadmap is subject to that CDA and allowed solely for the purpose of evaluating purchase decisions from Micro Focus. If not, it is subject to the following terms. For 3 years after disclosure, you may use the Roadmap solely for the purpose of evaluating purchase decisions from Micro Focus. You must use a reasonable standard of care to prevent disclosure. You will not disclose the contents of the Roadmap to any third party without Micro Focus’ prior written approval unless it first becomes publicly known or is rightfully received by you from a third party without duty of confidentiality.

  3. Agenda
     - Why Distributed Correlation?
     - Distributed Correlation Architecture
       - Components and Relationship
       - What gets processed where?
     - Deployment and Sizing Examples
       - Tips and Requirements
     - Monitoring the ESM Cluster
     - Next Steps

  4. Why distributed correlation?
     - Massively scales: up to 100,000 correlated events per second per cluster
     - Easily add nodes to scale out
     - No more multi-tier configurations needed to scale out
     - No more forwarding connectors required between layers
     - Write more content, support heavier content
     Diagram: centralized alerts and content building; clustered correlation; the data stream is split to parallel processes across multiple nodes in a cluster.
     HPE Confidential, under NDA use only

  5. Architecture

  6. The ESM 7 Distributed Correlation Architecture (diagram, built up one component at a time over slides 6 to 11). Components: Console, ACC, Connectors / EB, Persistor, CORRE DB, Correlators, Aggregators, Message Bus, Distributed Cache, Repository (Repo). Legend: UI Interaction; Data Exchange; Information Exchange. Event intake and persistence: Connectors / EB feed the Persistor, which writes to the CORRE DB. Isolate persistence.

  7. Correlators: filter evaluation

  8. Aggregators: grouping

  9. Message Bus: events, data

  10. Distributed Cache: lists, resources

  11. Repository: global settings

  12. Event Flow … In a Nutshell (diagram). Events from Connectors, EB, ESM, ... enter through the Persistor and are handed to the Correlators and Aggregators, which return correlation and audit events; the Persistor persists and enriches the data and emits rule audit and monitor audit events. Where correlation happens: Standard Rules on the Correlators and Aggregators; Pre-persistence Rules, Light-weight Rules and Data Monitors on the Persistor.

  13. Deployment and Sizing

  14. Sample 3 Node Configuration
      ESM Node 1: Persistor (includes DCache), Mbus_control, Repo
      ESM Node 2: Correlator, Aggregator, Mbus_data, Mbus_control, Repo
      ESM Node 3: Correlator, Aggregator, Mbus_data, Mbus_control, Repo
      - Persistor deployed to a single node
      - The number of correlator, aggregator, mbus, distributed cache and repository instances can be adjusted as needed across nodes
      - The actual layout of services may be changed based on capacity requirements
      - 2 Correlators per node are recommended if the number of cores is 24 or greater and the network is 10 Gbit or greater

  15. Sample 4 Node Configuration - PREFERRED
      ESM Node 1: Persistor (includes DCache), Repo
      ESM Node 2: Correlator, Aggregator, Mbus_data, Mbus_control, DCache, Repo
      ESM Node 3: Correlator, Correlator, Mbus_data, Mbus_control, DCache, Repo
      ESM Node 4: Aggregator, Aggregator, Mbus_data, Mbus_control
      - Message Bus control deployed to three nodes because an odd number of instances is required
      - Persistor deployed to a single node
      - The number of correlator, aggregator, distributed cache and repository instances can be adjusted as needed across nodes
      - The actual layout of services may be changed based on capacity requirements
      - 1 Correlator and 2 Aggregators per node are recommended if the number of cores is 32 or greater

  16. Sample 5 Node Configuration
      ESM Node 1: Persistor (includes DCache), Repo
      ESM Node 2: Correlator, Correlator, Aggregator, Mbus_cont, Mbus_data, DCache
      ESM Node 3: Correlator, Correlator, Aggregator, Mbus_cont, Mbus_data
      ESM Node 4: Correlator, Correlator, Aggregator, Mbus_data, DCache
      ESM Node 5: Correlator, Correlator, Aggregator, Mbus_cont, Mbus_data
      (the slide also places a Repo on two of nodes 2 to 5 and a further DCache on one of them)
      - Message Bus control deployed to three nodes because an odd number of instances is required
      - Persistor deployed to a single node
      - The number of correlator, aggregator, distributed cache and repository instances can be adjusted as needed across nodes
      - The actual layout of services may be changed based on capacity requirements

  17. Deployment Tips
      - Isolate the persistor as much as possible
      - Do not put mbus data on the persistor node
      - 3 or 5 mbus data nodes is best for redundancy
      - Multiple Repos for redundancy is a good idea
      - The persistor includes an embedded DCache
      - Aggregators and Mbus_Data are very memory intensive: no more than 3 total on a node
      - Correlators and Aggregators make a good pair for a node, usually 2C:1A
      - The cluster supports one persistor instance
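The tips on this slide and the sample layouts on the preceding ones amount to a small set of rules that can be checked before a cluster is built. The following is an added example, not ArcSight or Micro Focus code: a layout checker that encodes those rules, reporting the hard ones ("must", "supports one") as ERROR and the sizing advice ("is best", "is a good idea") as WARN. Service names follow the slide labels; the three layouts are constructed here, two of them transcribed from the deck's 3-node and preferred 4-node samples and the third deliberately broken.

```python
"""Check a proposed ESM 7 distributed-correlation service layout against the
deployment tips in this deck.  Added example, not ArcSight/Micro Focus code.
Service names follow the slide labels; the sample layouts are constructed
here from the deck's sample configurations."""
from collections import Counter

PERSISTOR, CORRELATOR, AGGREGATOR = "persistor", "correlator", "aggregator"
MBUS_DATA, MBUS_CONTROL, DCACHE, REPO = "mbus_data", "mbus_control", "dcache", "repo"

MAX_HEAVY_PER_NODE = 3          # aggregators + mbus_data per node: "no more than 3 total"
BEST_MBUS_DATA_COUNTS = (3, 5)  # "3 or 5 mbus data nodes is best for redundancy"


def check_layout(layout):
    """layout maps node name -> list of services on that node (a service listed
    twice runs as two instances).  Returns a list of (level, message) findings;
    an empty list means every rule encoded here is satisfied."""
    findings = []
    totals = Counter(svc for services in layout.values() for svc in services)

    # The cluster supports exactly one persistor instance.
    if totals[PERSISTOR] != 1:
        findings.append(("ERROR", f"expected 1 persistor, found {totals[PERSISTOR]}"))

    # Message bus control must be deployed in odd numbers.
    if totals[MBUS_CONTROL] % 2 == 0:
        findings.append(("ERROR", f"mbus_control count {totals[MBUS_CONTROL]} is not odd"))

    # Redundancy advice for the data bus and the repository.
    if totals[MBUS_DATA] not in BEST_MBUS_DATA_COUNTS:
        findings.append(("WARN", f"mbus_data count {totals[MBUS_DATA]}; 3 or 5 is best"))
    if totals[REPO] < 2:
        findings.append(("WARN", f"only {totals[REPO]} repo; multiple repos give redundancy"))

    for node, services in layout.items():
        here = Counter(services)
        # Isolate the persistor: never co-locate mbus_data with it.
        if here[PERSISTOR] and here[MBUS_DATA]:
            findings.append(("ERROR", f"{node}: mbus_data on the persistor node"))
        # Aggregators and mbus_data are memory intensive; cap them per node.
        heavy = here[AGGREGATOR] + here[MBUS_DATA]
        if heavy > MAX_HEAVY_PER_NODE:
            findings.append(("ERROR", f"{node}: {heavy} aggregator/mbus_data instances, max {MAX_HEAVY_PER_NODE}"))
    return findings


def errors(layout):
    return [msg for level, msg in check_layout(layout) if level == "ERROR"]


def warnings(layout):
    return [msg for level, msg in check_layout(layout) if level == "WARN"]


# Constructed from the deck's "Sample 3 Node Configuration" slide.
THREE_NODE = {
    "node1": [PERSISTOR, MBUS_CONTROL, REPO],
    "node2": [CORRELATOR, AGGREGATOR, MBUS_DATA, MBUS_CONTROL, REPO],
    "node3": [CORRELATOR, AGGREGATOR, MBUS_DATA, MBUS_CONTROL, REPO],
}

# Constructed from the deck's "Sample 4 Node Configuration - PREFERRED" slide.
FOUR_NODE_PREFERRED = {
    "node1": [PERSISTOR, REPO],
    "node2": [CORRELATOR, AGGREGATOR, MBUS_DATA, MBUS_CONTROL, DCACHE, REPO],
    "node3": [CORRELATOR, CORRELATOR, MBUS_DATA, MBUS_CONTROL, DCACHE, REPO],
    "node4": [AGGREGATOR, AGGREGATOR, MBUS_DATA, MBUS_CONTROL],
}

# Constructed counter-example: mbus_data next to the persistor, an even number
# of mbus_control instances, a single repo, and an overloaded second node.
BAD_LAYOUT = {
    "node1": [PERSISTOR, MBUS_DATA, MBUS_CONTROL, REPO],
    "node2": [CORRELATOR, AGGREGATOR, AGGREGATOR, AGGREGATOR, MBUS_DATA, MBUS_CONTROL],
}

if __name__ == "__main__":
    for name, layout in [("3-node", THREE_NODE), ("4-node preferred", FOUR_NODE_PREFERRED), ("bad", BAD_LAYOUT)]:
        print(name)
        for level, msg in check_layout(layout) or [("OK", "layout satisfies every rule")]:
            print(f"  {level}: {msg}")
```

Run stand-alone, the preferred 4-node layout passes cleanly, the 3-node sample passes the hard rules but draws a warning for having only two mbus_data instances, and the broken layout collects three errors and two warnings. The 2C:1A pairing is deliberately not enforced: the deck calls it "usually", and its own preferred layout does not follow it on every node.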

  18. Cluster Requirements
      - No need for hardware homogeneity
      - Must use the same network protocol
      - No direct connection required
      - Must be in the same data center
      - Same time zone for all nodes
      - Same OS and same OS version

  19. 7.0 Cluster Monitoring Features

  20. Monitoring the ESM 7 cluster
      - Dashboard in ACC to monitor the cluster
      - “Check engine light” in the console
      - Manage connectivity to the MB (message bus) and DC (distributed cache)
      - Manage lags for correlators and aggregators
      - Manage.jsp is updated

  21. Next Steps

  22. Next Steps
      - Download ESM 7: available to all customers under maintenance; can be deployed in Compact and Distributed modes
      - Download and review the documentation: available from Protect 724
      - Review your requirements with your SE and/or PS: find out if distributed correlation is right for you

  23. #MicroFocusCyberSummit Thank You.
