Re: Help!I'm being DoS'ed by our own stupid SIM!!

["Steven Adair" <steven () securityzone org>]

What does this have to do with the security-basics mailing list and why
was a product bash e-mail allowed to pass through?  Are you actively
seeking help in tuning your ArcSight setup or are you just looking to
complain about it?  I have never used ArcSight, beyond a demo, so I cannot
actually personally attest one way or another.  However, I know multiple
people that have used it or admin over ArcSight installs that do not have
major problems.

It sounds like you should get in touch with ArcSight's technical support
people.  Perhaps they can better help you (if that's what you're looking
for..).

Steven

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Our CIO insists on using this app...   ArcSight's Threat Response
> Manager is causing WAY more headaches then security.I don't have time to
> do what I should be doing,because this BEAST thinks normal network
> activity is hostile!
>
> A weapon in one hand or a turd in the other,the way I see it!
>
> Rant over!
>
> Please DO NOT let anyone talk you into trying this.It finds so many
> false positives,it will throttle your bandwidth to a point where it is
> unusable!
>
> I know ArcSight will get mad about this post,but truth be told"Get a
> Grip,PLEASE"!
>
> Help,not hurt your fellow bro's here!
>
> Anyway,Hope this helps,
>     Scott
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGd2ekelSgjADJQKsRAgMOAKCyw/18sPiu/48oxPLN2snMJFE4nACaAgps
> YNviYot5xdv6SZzYEHYEGC0=
> =cg1S
> -----END PGP SIGNATURE-----