Get started with ArcSight Interset’s behavioral analytics by walking through common use cases and capabilities.
ArcSight Interset empowers security teams to expose and assess elusive threats that would otherwise go unnoticed. This page leads you through the various capabilities of ArcSight Interset to optimize your time-to-value.
ArcSight Interset distills billions of events into a prioritized list of high-quality security leads to accelerate the efforts of your SOC. The interface offers you more detail on the behaviors of users and entities within your enterprise.
You can view a summary of the overall risk assigned across the entire system. In addition, you can view the top risky entities of each type and drill down into the risk history for each entity.
Entities are the foundation of ArcSight Interset analytics, and are the objects involved in behaviors. Observed entities appear highlighted in the interface based on your organization’s configuration and the data.
ArcSight Interset uses Anomalies and Violations to represent observed unusual and/or potentially risky behavior that threatens your organization. They contribute to the overall risk scores ArcSight Interset assigns to each entity it tracks.
The Explore page presents an overview of anomalies and violations which may be filtered by entities and tags. The time window can also be adjusted, allowing your SOC to focus on key areas.
ArcSight Interset provides five possible flags that you can use to characterize or mark individual anomalies and violations to improve communication within your SOC team. Coordinate your activities with other analysts by flagging users, entities, or activities. For example, mark a potentially risky user with a Case Flag to ensure a file is created on the individual. Your team can customize these flags to the unique needs of your SOC.
Discover new content and use cases
ArcSight 2020.2 includes the release of ArcSight Interset 6.1, which marks the full integration of Interset into the ArcSight architecture.
Detect, react to, and mitigate insider threats in your organization with CrowdStrike endpoint data and behavioral analytics.
Understand APT-29, how to detect it, and ArcSight's alignment with the MITRE ATT&CK framework through behavioral analytics.