I need to integrate the Anomali system with ArcSight ESM. How can I do that?
- What software you are using: ESM
- What version you are on: 7.8
- What operating system it is running on: Linux Red Hat
Hi Mohamed Gamal,
You might have 2-3 options, given the minimal information about "Anomali":
1) SYSLOG:
- install an ArcSight SmartConnector, configure it to listen on UDP/TCP syslog @ some port you like
- point your connector to the ESM
- send syslog output from your system to the SmartConnector
- pray there is a parser and categoriser already available; if not, develop one
2) API:
- install SC, configure as REST API
- select Anomali if present (if not, develop the FLEX REST API files needed for the REST API)
3) Database:
- install SC, configure for fetching data from the DB
- select Anomali if present, else develop a FlexDB connector
Help needed?
Micro Focus ArcSight FlexConnector Developer's Guide
"Boy Meets ArcSight" or "the fairy tales of a ill-treated ArcSight admin" --- Episode 1.0 - custom syslog parser --- - ArcSight Discussions - OpenText ArcSight
cheers
A
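For option 1 in the reply above, an added example that is not part of the original post and not Anomali or ArcSight code: Python that formats a threat-intelligence match as CEF (ArcSight's Common Event Format, which the syslog SmartConnector parses without a custom parser) and sends it over UDP syslog. The record field names, the `ExampleTI`/`ThreatFeed` strings, the field mapping, and the listener address and port are assumptions.

```python
import socket
import time

def esc_header(value):
    """CEF header fields: escape backslash first, then the pipe delimiter."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def esc_ext(value):
    """CEF extension values: escape backslash and '=', encode line breaks as \\n."""
    out = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return out.replace("\r\n", "\\n").replace("\n", "\\n").replace("\r", "\\n")

def to_cef(vendor, product, version, sig_id, name, severity, ext):
    header = "|".join(esc_header(v) for v in
                      (vendor, product, version, sig_id, name, severity))
    extension = " ".join(f"{k}={esc_ext(v)}" for k, v in ext.items())
    return f"CEF:0|{header}|{extension}"

def match_to_cef(match):
    """Map a threat-intel match (hypothetical field names) to CEF."""
    severity = min(10, max(0, int(match["confidence"]) // 10))  # CEF range 0-10
    ext = {
        "dst": match["indicator"],
        "cs1Label": "indicatorType",
        "cs1": match["itype"],
        "cs2Label": "feed",
        "cs2": match["source"],
        "msg": match["detail"],
    }
    # The '|' in the event name is deliberate, to exercise header escaping.
    return to_cef("ExampleTI", "ThreatFeed", "1.0", match["itype"],
                  "Indicator match | " + match["itype"], severity, ext)

def syslog_frame(cef, hostname, when=None, pri=134):
    """BSD-syslog style line; PRI 134 = facility local0 (16*8) + severity info (6)."""
    stamp = time.strftime("%b %d %H:%M:%S", when or time.localtime())
    return f"<{pri}>{stamp} {hostname} {cef}"

def send_udp(line, host, port):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(line.encode("utf-8"), (host, port))

# Constructed sample record; not real Anomali output.
SAMPLE = {"indicator": "203.0.113.10", "itype": "c2_ip", "confidence": 85,
          "source": "feed=A", "detail": "seen in proxy log\nline 2"}

if __name__ == "__main__":
    line = syslog_frame(match_to_cef(SAMPLE), "ti-host")
    print(line)
    send_udp(line, "127.0.0.1", 5514)  # assumed SmartConnector listener address
```

Unescaped `|`, `=` or line breaks in source fields are the usual reason a CEF event arrives in ESM with shifted or truncated fields, so escape before sending rather than repairing in the connector.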