EPS counts in SIEM (Log monitoring)


Raghavendran Gopal

Jan 19, 2015, 1:08:03 AM
to null-...@googlegroups.com
How to calculate the EPS counts for each device for SIEM in a corporate organization?

Amar Deep Singh

Jan 19, 2015, 1:44:06 AM
to null-...@googlegroups.com

On Mon, Jan 19, 2015 at 11:38 AM, Raghavendran Gopal <rocki...@gmail.com> wrote:
How to calculate the EPS counts for each device for SIEM in a corporate organization?


Raghavendran Gopal

Jan 19, 2015, 5:15:59 AM
to null-...@googlegroups.com
Hi Amar,

I already checked the links you posted here and also referred to the SIEM book by David Miller. I would like to know whether the EPS rate depends on the specific SIEM vendor for each device. Please help me out.

Rajesh A.

Jan 19, 2015, 7:35:14 AM
to null-...@googlegroups.com

Each vendor has its own calculation for the EPS of each device. Sorry, I have limited access for a detailed reply. If you contact a dealer of IBM SIEM or HP, they have a specific Excel file to calculate this, as their license is EPS-based.

Raghavendran Gopal

Jan 19, 2015, 7:41:31 AM
to null-...@googlegroups.com
Thanks Raj,

Sandeep

Jan 19, 2015, 8:08:00 AM
to null-...@googlegroups.com

Thanks
Sandeep

                            

Pratul Anand

Jan 24, 2015, 2:16:41 AM
to null-...@googlegroups.com
Hi,

Specific to ArcSight: you can pull out a report for a day which contains the device name, device vendor and event count fields. These details can be pulled by creating a query with device vendor != ArcSight.

If you pull out this report, you can find out the EPS for each and every device.

Thanks and Regards
 
Pratul Anand

akshay innamuri

Jan 24, 2015, 5:57:23 AM
to null-...@googlegroups.com
In ArcSight:
All Reports --> ArcSight Administration --> ESM --> Licensing
shows the EPS count.

Ex: If this is the number of events per day (64429515), then yes, you are calculating correctly:

64429515/86400 (no. of seconds in a day) = 745


In IBM QRadar:

You need to create a log activity search with grouped=logsource, which gives you details of event count and events, and you need to calculate manually:


totalevent / no. of days * 3600 (for 1 day), * 2 for 2 days, etc.


Achi
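
The per-device calculation described in the two replies above (a one-day report of device name, device vendor and event count, excluding vendor ArcSight, then count / 86400), as an added example that is not part of any post in this thread. The CSV layout, column names, sample rows, and the `days` parameter are assumptions made for illustration; a real report export will differ.

```python
import csv
import io
from collections import defaultdict

SECONDS_PER_DAY = 86400

# Constructed sample of a one-day report export; column names are assumptions.
SAMPLE_REPORT = """device_name,device_vendor,event_count
fw-edge-01,Cisco,41230000
fw-edge-01,Cisco,2199515
dc-01,Microsoft,18500000
proxy-01,Blue Coat,2500000
esm-mgr,ArcSight,900000
"""


def eps_per_device(report_csv, days=1, exclude_vendor="ArcSight"):
    """Return {(device, vendor): average EPS} over the reporting window."""
    if days <= 0:
        raise ValueError("days must be positive")
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(report_csv)):
        vendor = row["device_vendor"].strip()
        # Skip the SIEM's own events, as in "device vendor != ArcSight".
        if vendor.lower() == exclude_vendor.lower():
            continue
        # A device can appear on several rows; sum them before dividing.
        totals[(row["device_name"].strip(), vendor)] += int(row["event_count"])
    window = days * SECONDS_PER_DAY  # assumption: average over the whole window
    return {key: count / window for key, count in totals.items()}


def total_eps(per_device):
    """Sum of per-device averages, i.e. the overall average EPS."""
    return sum(per_device.values())


if __name__ == "__main__":
    result = eps_per_device(SAMPLE_REPORT)
    for (device, vendor), eps in sorted(result.items(), key=lambda kv: -kv[1]):
        print(f"{device:12} {vendor:10} {eps:10.1f}")
    print(f"{'TOTAL':23} {total_eps(result):10.1f}")
```

The sample rows are chosen so the non-ArcSight total is 64429515 events, the figure used in the thread. The result is an average over the day, so it does not show short bursts above that rate.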