ESM ArcSight – how to convert events for Replay (Test Alert) agent
The “Replay” (also known as Test Alert) agent at the ESM ArcSight – is a very powerful tool for developing and debugging rules. You don’t need to wait until a real (and probably rare!) event will be received by the ESM Manager only to check that the rule produced incorrect result. Of course a test … Read more