ArcSight Interset Quick Start Guide

Get started with ArcSight Interset’s behavioral analytics by walking through common use cases and capabilities.

  • Getting Started

    ArcSight Interset empowers security teams to expose and assess elusive threats that would otherwise have gone unnoticed. This page leads you through the various capabilities of ArcSight Interset to optimize your time-to-value.

    • Contextual Behavioral Anomalies
    • Actionable Insights
    • Improved Security Posture
  • Introduction to the Interface

    ArcSight Interset distills billions of events into a prioritized list of high-quality security leads to accelerate the efforts of your SOC. The interface gives you more detail on the behaviors of users and entities within your enterprise.

    You can view a summary of the overall risk assigned across the entire system. In addition, you can view the top risky entities of each type and drill down into the risk history for each entity.

    • Total Events Analyzed
    • Anomalies and Violations
    • Active Risky Entities
    Figure: Overall Risk page in ArcSight Interset interface
  • Entities
    Entities are the foundation of ArcSight Interset analytics, and are the objects involved in behaviors. Observed entities appear highlighted in the interface based on your organization’s configuration and the data.

    • Users
    • Machines
    • Controllers
    • IP Addresses
    • Printers
    • Projects
    • Resources
    • Shares
    • Websites
    • Files
    • Servers
  • Anomalies and Violations

    ArcSight Interset uses Anomalies and Violations to represent observed unusual and/or potentially risky behavior that threatens your organization. They contribute to the overall risk scores ArcSight Interset assigns to each entity it tracks.

    The Explore page presents an overview of anomalies and violations, which can be filtered by entities and tags. The time window can also be adjusted, allowing your SOC to focus on key areas.

    • Extreme Risk
    • High Risk
    • Medium Risk
    • Low Risk
  • Collaborate with your Team

    ArcSight Interset provides five possible flags that you can use to characterize or mark individual anomalies and violations to improve communication within your SOC team. Coordinate your activities with other analysts by flagging users, entities, or activities. For example, mark a potentially risky user with a Case Flag to ensure a file is created on the individual. Your team can customize these flags to the unique needs of your SOC.

Stay up to date

Discover new content and use cases

Now Available: ArcSight 2020.2

ArcSight 2020.2 includes the release of ArcSight Interset 6.1 which marks the full integration of Interset into the ArcSight architecture.

Webinar: Defending against Insider Threats with ArcSight Interset for CrowdStrike

Detect, react to, and mitigate insider threats in your organization with CrowdStrike endpoint data and behavioral analytics.

UEBA and MITRE ATT&CK: Detecting APT 29

Understand APT-29, how to detect it, and ArcSight's alignment with the MITRE ATT&CK framework through behavioral analytics.

release-rel-2020-10-2-5387 | Wed Oct 28 21:33:24 PDT 2020