Checking Subscriber Compliance
A subscribed node is in compliance with a configuration if the settings for the node match those assigned to the configuration in ArcSight Management Center.
The configuration listed in the managing ArcSight Management Center is considered the baseline copy of the configuration.
For example, you create an SMTP configuration in ArcSight Management Center named Sample SMTP Configuration, with these values assigned:
-
Primary SMTP Server: Mailserver1
-
Secondary SMTP Server: Mailserver2
-
Outgoing Email Address: admin@example.com
A node would be in compliance with this configuration if the values for its primary and secondary SMTP servers, and outgoing email address, matched the values in Sample SMTP Configuration.
If any one of these values were different (for example, if a node had a primary SMTP Server of CorporateMail1) the node would be out of compliance.
You can manually check the compliance of all subscribers to a configuration.
To manually check subscriber compliance for a configuration:
-
Click Configuration Management > Subscriber Configurations > All Configurations.
Tip: To filter for a specific subscriber configuration type, select the desired configuration type from the Subscriber Configurations sub-menu.
-
In the Configurations table, select the configuration to be checked for compliance.
-
Click Check Compliance. All subscribers to the selected configuration are checked for compliance.
-
On the Configurations table, the Compliance column shows the aggregated compliance of all subscribers.
-
On the Subscribers tab for the configuration:
-
The Last Compliance Check column is updated to show the most recent check.
Automatic compliance checks will run every 12 hours. So this will be the date and time of the latest automatic check. -
The Compliance column indicates the individual compliance of each node.