Using Visio 2003 to Create

ESM Image Viewer

Gary Freeman
ArcSight Geek
Canada
Agenda
 Visio For Power Users
 Reference Material
 Tutorial #1: Creating a Visio Image
for ESM
 Tutorial #2: Using ESM Image Editor
Visio For Power Users
 Most Used Short-Cuts
 Ctrl-S: Save!
 Ctrl-D: Cloning
 Ctrl-1: Pointer Tool
 Ctrl-2: Text Tool
 Ctrl-Shift-F: Bring To Front
 Ctrl-Shift-B: Send To Back
Reference Material
 Visio 2003 Quick Guide PDF
 Stencils / Templates www.visiocafe.com
 Visio Guy www.visguy.com
 MS Visio Help Online http://office.microsoft.com/en-
us/visio/FX100649221033.aspx?CTT=96&Origin=CL10063631103
3
 Visio 2007 Viewer
http://www.microsoft.com/downloads/details.aspx?FamilyId=D88
E4542-B174-4198-AE31-6884E9EDD524&displaylang=en
 Visio 2003 / 2007 Feature Comparison
http://office.microsoft.com/en-us/visio/fx101759431033.aspx
 VSDfx 3D Isometric Shapes
http://www.visiocafe.com/downloads/vsdfx/VSDfx-3D.zip
 Tutorial #1 finished drawing
Reference Material: Visio Shortcuts
Tutorial #1: Creating a Visio Image for ESM

Scope:
 Create image from scratch for logical
Device Category monitor and import
into ESM Image Editor
Tools:
 Visio 2003
Difficulty:
 Moderate
Skills Learned:
 Shortcuts
Tutorial #1: Creating a Visio Image for ESM

1. Create a new
drawing with
landscape orientation
and metric units
2. Create a rectangle
254 mm x 130 mm
(approx) and select
“Shapes > Center
Drawing” and
“Shapes > Align” and
center horizontally /
vertically and choose
“Create guide
and glue shapes to
it”
3. Select the shape and
select the “Fill Color”
tool and select Gray-
50%
Tutorial #1: Creating a Visio Image for ESM

4. Create a smaller 242

mm wide x 10 mm high
rectangle shape on the
grid above the existing
rectangle
5. Right-mouse click and
select “Format > Fill”
and select the Pattern
drop-down and select
“30:” (ramp up) and
Pattern Color “16:” and
click Ok
6. Double click on the new
box and type “Device
Categories” and change
the font size to 14
7. Move the box down so it
becomes the header for
the larger rectangle.
Tutorial #1: Creating a Visio Image for ESM

8. Select heading object and

press Ctrl-D to duplicate it
9. Resize the new cloned
object to 115mm x 48mm
and place in upper left
quadrant of the drawing
10. Now select the object and
right-mouse click and
select “Format > Text”
and then change the “Text
Block” alignment to “Top”
and click Ok.
11. Double-click on the new
object and change the
text to “Security Devices”
12. Duplicate the new object
three more times and
change the text to
“Network Devices”,
“Operating Systems” and
“Applications”
13. Create additional guides to
align the shapes and the
spacing between the
shapes
Tutorial #1: Creating a Visio Image for ESM

14. Add additional boxes

inside each of the device
quadrants and add
ramped fills (lighter gray
than outside box with
ramp in opposite
direction).
15. Use either the default
Visio stencils or the VSDfx
stencils (link above) to
add icons relative to the
device categories.
16. Select all of objects (Ctrl-
A) and then group them
(Ctrl-Shift-G) and save the
drawing.
17. Finally, export the drawing
as a JPG by selecting
“Save As” and clicking the
drop-down for “Save as
type” and select “JPG File
Interchange Format
(JPG)”, click Save.
18. In the save dialog adjust
“Quality” to 100% and
select “Resolution >
Custom” and change from
96x96 pixels to 110x110.
19. Click Ok.
Tutorial #2: Using ESM Image Editor

Overview
 Enable Image Editor in console by
editing .ast file
 Start Image Editor and Import image
 Associate chart objects with filters
 Save and run Image Viewer
What’s not covered:
 Creation of the filters used by the
image viewer
Tutorial #2: Using ESM Image Editor

1. Close any instance of the ArcSight

Console.
2. Locate the file
ARCSIGHT_HOME\Console\Current
\admin.ast (or whatever username
is being used to access ESM)
where the ArcSight Console is
installed and open the file in a text
editor and add the following line
(and then save):
console.ui.imageEditor=true
3. Start the console and login with
the “admin” user and click on the
Views file menu option and select
Image Editor. You will now have
access to the image editor with an
empty palette.
4. Click on the “Magnetic Grid” icon
and select “Activated and Visible”,
change grid spacing to “10” and
select ‘Display Lines” and click Ok
(the dialog will not go away and
you’ll have to close it manually).
Tutorial #2: Using ESM Image Editor

4. Within the Image Editor, select the

New Image Entry icon on the top of
the left-hand tool list and click
anywhere on the palette to bring up
the open file dialog and select the
image you saved in the first tutorial.
Tutorial #2: Using ESM Image Editor

5. Next, click the vertical bar chart object on the toolbar and click the area
within the “Security Devices” quadrant. A dialogue will be displayed
requiring input. Enter the following details:
Node Name: SecurityDevices
Node Label: SecurityDevices
Assoc. Filter: (I created one that uses Express Firewall, VPN and AV filters)
Drill Down: Grid Table
Viewer Name:
SecurityDevices
Viewer Params:
(auto-populated)
6. Click Ok.
7. Once saved the chart
object will have to be
adjusted manually
using the anchors
to be centered and
sized correctly within
the drawing quadrant.
Use the magnetic grid
to assist in placing.
Tutorial #2: Using ESM Image Editor

8. Once you have created the first object, select the chart and click on the
Copy and then the Paste toolbar icons. A copy will be pasted that will have
reverted to the default chart size. Use the first chart object you have
formatted as a reference and manually resize the pasted object (the
Image Editor does not have any guides or sizing tools apart from selecting
the anchors).
9. Once you have copied and pasted the remaining
three chart objects, right click on each and select Copy Paste
“Properties” and rename all of the Nodes Names, Node Labels and Viewer
Names with the names of each device type. Select the correct filters for
each type. When you are done the properties for each chart object will be:
Tutorial #2: Using ESM Image Editor

10. Now the Image Viewer is complete. Save it by clicking the Save icon on
the toolbar and when prompted name the ArcSight Image Viewer
“DeviceMonitor” and select “Default Viewer” and “Ok”.
11. Next, start the Replay Agent and start
sending demo events to ESM. Open the
“Live” channel and select the “Select Channel
Viewer Type: icon on the bottom right corner
of the channel window and select “Image
Viewer > DeviceMonitor” to display the new
image.
Tutorial #2: Finished Product
 Disclaimer:
The content provided in this instructional presentation is not supported as official ArcSight training
material and is not supported by ArcSight. Moreover, the content is intended to familiarize the audience
with advanced features that are usually performed by ArcSight Professional Services.
If the content you have created as a result of this tutorial does not work or causes unexpected results
ArcSight is in no way liable as this instructional content was provided as is and is not official ArcSight
ratified content.

Caveats:
While the ArcSight ESM Image Viewer is aesthetically pleasing as a custom dashboard, special
consideration must be used in planning the number of chart objects and filters used in the creation of
this project since the 4.x version of ArcSight ESM uses a separate Active Channel to populate the chart
objects. As an example, if you have a global map depicting chart objects for 15 different countries, you
are essentially opening 15 consecutive Active Channels to populate the objects on the map.

Finally:
Gary Freeman is the sole creator of this content and does not represent ArcSight with this content nor
does this content reflect the views or best practices of ArcSight, Inc. Should you have any questions or
concerns please contact gfreeman@arcsight.com. However, please note, this content is provided “as is”
and I can not guarantee the effectiveness of the material nor be held accountable for any mishaps
resulting in damages, service interruptions, outages or any other synonym for “unexpected loss of
service”.

www.arcsight.com © 2009 ArcSight Confidential 18