Compatibility Questionnaire: ArcSight, Inc. (ArcSight ESM) — Archive
Important: The OVAL Compatibility Program was moved to "archive" status in December 2009, and replaced with the "OVAL Adoption Program." Under the OVAL Adoption Program product validation is performed by an external organization, allowing the OVAL Team to focus on educating vendors on best practices regarding the use and implementation OVAL and on how OVAL can continue to evolve as needed by the community.
Refer to the OVAL Adoption Program section for addition information and to review all products and services listed.
Organizational Information
Name of Your Organization:
Web Site:
Product Information
Product/Service Name:
Compatible Categories:
OVAL Results Consumer
Product/Service Home Page:
Product Accessibility
Schema Currency Indication
Schema Currency Update Approach
Platform and Definition Type Support
Approach for Correction of Errors
Compatibility Documentation
Documentation of Finding Elements Using OVAL
- Using the vulnerability navigator, the user can use the "resource graph" or "resource grid" feature by right-clicking on a resource to show the resources associated with a vulnerability (in this case an asset). See documentation pages 7 and 17.
- If an event is reported in ArcSight, the user can right-click on the event and immediately get to the associated vulnerability resource. (See attached documentation, page 59).
- General handling of vulnerabilities is described on pages 115 and following in the documentation attached.
- ActiveChannels can also be used with a filter to search for a vulnerability. (see attached documentation p. 29-32)
Documentation of Finding Results Information from Elements
Documentation Indexing of OVAL-Related Material
ArcSight uses a concept called reference pages for documenting individual aspects of the product. By right-clicking on elements in the ArcSight Console, the user can choose to get all the reference pages associated with an object.
Reference pages are described on page 220 of the documentation. Furthermore, each ArcSight SmartAgent comes with an installation documentation (see attached).
OVAL-ID Output and Searchable
Finding Elements Using OVAL-ID
- ArcSight uses a full-text search capability to search individual resources in the system.
- Using the vulnerability navigator, the user can use the "resource graph" or "resource grid" feature by right-clicking on a resource to show the resources associated with a vulnerability (in this case an asset).
- If an event is reported in ArcSight, the user can right-click on the event and immediately get to the associated vulnerability resource.
- ActiveChannels can also be used with a filter to search for a vulnerability.
Finding OVAL-ID Using Elements in Reports
Questions for Signature
Statement of Compatibility
Have an authorized individual sign and date the following Compatibility Statement (required):
"As an authorized representative of my organization I agree that we will abide by all of the mandatory Compatibility Requirements as well as all of the additional mandatory Compatibility Requirements that are appropriate for our specific type of capability."
Name: | Raffael Marty | |
Title: | Senior Security Engineer |
Statement of Accuracy
Have an authorized individual sign and date the following accuracy Statement (recommended):
"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability's use of OVAL schema and logic."
Name: | Raffael Marty | |
Title: | Senior Security Engineer |
Statement on Follow-on Testing Activity Support
Have an authorized individual sign and date the following statement about your organizations willingness to support correctness testing of other capabilities, which will be managed by the Reviewing Authority and kept to reasonable levels of effort for all involved. (required):
"As an authorized representative of my organization, we agree to support the Reviewing Authority in follow-on testing activities, where appropriate types of files will be exchanged with other organizations attempting to prove the correctness of their capabilities."
Name: | Raffael Marty | |
Title: | Senior Security Engineer |
Page Last Updated: December 17, 2009