HPE ArcSight IdentityView

HPE ArcSight IdentityView is a user activity monitoring application built on the HPE SIEM platform. It monitors user activity across all accounts, applications, and systems. This enables organizations to understand who is on the network, what data they see, and which actions they take with that data. The result is greater security, better access governance, and faster forensic investigations.

HPE ArcSight IdentityView combines the broad activity collection and correlation of SIEM with user and role data from identity and access management (IAM) and directory technologies. HPE ArcSight IdentityView enriches log events with user information, and as a result, organizations get a complete picture of user activity, including monitoring high risk privileged and shared accounts.

IdentityView includes:

— pre-built connectors to leading IAM systems, to import users and roles;
— specialized reports for activity-based role modeling, access violations, and enterprise-wide separation-of-duties tracking;
— “Unique ID” mapping to tie all of a user’s activity to a single identity;
— activity profiling to determine combinations of actions that raise a warning. For example, IdentityView can scan the activities of the last 50 terminated employees to see which actions might serve as early warnings about future at-risk employees;
— automatic watch-list creation and escalation to different severity levels;
— out-of-the-box rules for fraud detection, unauthorized actions, etc.

ArcSight IdentityView helps organizations monitor the most common user scenarios:

— privileged user and account monitoring;
— IP address to user mapping;
— shared account tracking;
— terminated employee/contractor
access detection;
— role-based controls reporting;
— multi-account correlation;
— separation of duties violation detection.