Dear Friends,
I have a requirement about KPI. I once achieved it with ArcSight, but
I don't know whether Sentinel can meet the need (I am now working at
Novell). ArcSight collects IPS events, and the customer needs a report
that summarizes the monthly security event score by priority. The
requirement is as follows. How does ArcSight implement it? First, build
an active list table containing the following information, then build a
query. The query supports building a variable and referencing the active
list, and the variable uses query fields to calculate the Score. Then
build a Trend that invokes the query, scheduled to execute daily at 2:00.
The report invokes the trend to implement the monthly report KPI Score.
How can I implement it via Sentinel?

Priority Desc   NewPriority   Weight   Event Count (Monthly)   Score
Very High       0.004         50%      4000
High            0.0005        20%      30000
Medium          0.0001        15%      15000                   0.225000
Low             0.00005       10%      10000
Very Low        0.000001      5%       10000

KPI Value 88.72

Security Health Good

KPI Value = 100-SUM(Priority * Weight * Event Count)

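The KPI formula from the post, computed from a priority lookup table joined to daily count rows, as an added example that is not part of the original post and is neither ArcSight nor Sentinel configuration. It uses Python's built-in sqlite3; the table names priority_weight and daily_trend, their columns, and the daily counts and dates are assumptions constructed for illustration.

```python
import sqlite3

# Lookup table from the post (the role the active list plays): desc, priority, weight.
WEIGHTS = [
    ("Very High", 0.004, 0.50),
    ("High", 0.0005, 0.20),
    ("Medium", 0.0001, 0.15),
    ("Low", 0.00005, 0.10),
    ("Very Low", 0.000001, 0.05),
]

# Constructed daily IPS counts (the role of the daily trend). January sums to
# the monthly counts in the post; the February row exercises the month filter.
DAILY_COUNTS = [
    ("2024-01-05", "Very High", 1500), ("2024-01-20", "Very High", 2500),
    ("2024-01-05", "High", 12000), ("2024-01-20", "High", 18000),
    ("2024-01-05", "Medium", 7000), ("2024-01-20", "Medium", 8000),
    ("2024-01-05", "Low", 10000), ("2024-01-20", "Very Low", 10000),
    ("2024-02-01", "Very High", 900),
]

# LEFT JOIN keeps priorities with no events in the month (count 0, score 0).
REPORT_SQL = """
SELECT w.priority_desc,
       COALESCE(SUM(t.event_count), 0) AS monthly_count,
       w.new_priority * w.weight * COALESCE(SUM(t.event_count), 0) AS score
FROM priority_weight AS w
LEFT JOIN daily_trend AS t
       ON t.priority_desc = w.priority_desc
      AND strftime('%Y-%m', t.day) = :month
GROUP BY w.priority_desc
ORDER BY w.new_priority DESC
"""

def monthly_kpi(month):
    """Return (rows, kpi) for a 'YYYY-MM' month; rows are (desc, count, score)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE priority_weight (priority_desc TEXT PRIMARY KEY, new_priority REAL, weight REAL)")
    db.execute("CREATE TABLE daily_trend (day TEXT, priority_desc TEXT, event_count INTEGER)")
    db.executemany("INSERT INTO priority_weight VALUES (?, ?, ?)", WEIGHTS)
    db.executemany("INSERT INTO daily_trend VALUES (?, ?, ?)", DAILY_COUNTS)
    rows = db.execute(REPORT_SQL, {"month": month}).fetchall()
    db.close()
    # KPI Value = 100 - SUM(Priority * Weight * Event Count)
    return rows, 100 - sum(score for _, _, score in rows)

if __name__ == "__main__":
    print(monthly_kpi("2024-01"))
```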