Downloading Arcsight reports with the SOAR

Hello everyone !

Could you please help me with ideas for a problem I'm currently facing.

In our company, we just integrated the SOAR platform. And there are a bunch of tasks that we'd like to automate land the first one is sending the reports to our customers.

And I've been googling around to find the best approach for this to no avail.

Let me explain the current situation and and the whole issue, maybe by knowing it all, you'd be more able to help :

_ We start by generating daily reports activities of each of our customers from the Arcsight Reports resource.

_ So by doing so, the reports get stored in the archives and on the local ESM folder /opt/arcsight/manager/reports/archive/Archived Reports.Meta.Group.

_ So the reports are retrieved later through sftp connection by our L1 team who send them to our different customers through our ticketing system.

So we'd like to automate the whole process by sending the reports directly from the SOAR. There is already a SMTP client connected on it.

But what I'm stucked at is how to make the SOAR app retrieve the reports...FYI, I was able to connect the SOAR and the ESM through the SFTP integration module on the SOAR.

I'll be really grateful for any help or new ideas on handling this task.

Thanks in advance,

Marty

Tags: