Hello,
I'm new to the ArcSight platform and need assistance with a requirement. Specifically, I want to execute a script and store the results in a lookup file. Here's the overall workflow:
- I have created a rule that is scheduled to trigger every hour.
- When the rule is triggered, I want to extract the data from the past hour and identify the Indicators of Compromise (IOCs) within that data.
- I have created an integration command that accepts the extracted IOCs as parameters.
- The script will return an enriched result that I want to store in a lookup file.
My questions are:
- How can I extract the IOCs from the past hour's data and pass them as parameters to the integration command within the rule?
- How can I store the results returned by the script command into a lookup file (or any other storage, from which I can create a dashboard with the data)?
If there is any other workflow that satisfies my requirement, please suggest it.
Any guidance or insights would be greatly appreciated!
Thank you,
Prashant Nakum
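The script side of the workflow described in the post above, as an added example that is not the poster's integration command or ArcSight's own code: it takes IOCs as command-line arguments (the way an integration command would pass them), enriches each one against a constructed sample intel table standing in for a real threat-intel source, and merges the rows into a CSV lookup file keyed on the IOC. The file is rewritten atomically via a temp file and rename so a concurrent reader (a lookup or dashboard refresh) never sees a half-written file, and a re-run with the same IOC updates the existing row rather than duplicating it. The function names, CSV columns, sample data and the assumption that the lookup file is a header-row CSV are all choices made for this example.

```python
#!/usr/bin/env python3
"""Enrich IOCs passed as arguments and merge the results into a CSV lookup file.

Added example, not ArcSight code. Assumptions: the integration command passes
IOCs as plain command-line arguments after the lookup path; the lookup file is
a CSV with a header row keyed on the `ioc` column; the enrichment source is a
constructed local table standing in for a real threat-intel lookup.
"""
import csv
import os
import sys
import tempfile
from datetime import datetime, timezone

FIELDS = ["ioc", "ioc_type", "verdict", "source", "last_seen"]

# Constructed sample intel table (placeholder for a real enrichment service).
SAMPLE_INTEL = {
    "203.0.113.10": ("ip", "malicious", "sample-feed"),
    "evil.example.net": ("domain", "malicious", "sample-feed"),
}


def classify(ioc):
    """Rough IOC typing: IPv4 address, SHA-256 hash, otherwise domain/hostname."""
    parts = ioc.split(".")
    if len(parts) == 4 and all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        return "ip"
    if len(ioc) == 64 and all(c in "0123456789abcdef" for c in ioc.lower()):
        return "sha256"
    return "domain"


def enrich(ioc, now=None):
    """Return one lookup row for an IOC; IOCs missing from the feed get verdict 'unknown'."""
    now = now or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    ioc = ioc.strip().lower()
    ioc_type, verdict, source = SAMPLE_INTEL.get(ioc, (classify(ioc), "unknown", "none"))
    return {"ioc": ioc, "ioc_type": ioc_type, "verdict": verdict,
            "source": source, "last_seen": now}


def read_lookup(path):
    """Load the lookup CSV as a dict keyed on `ioc` (empty if the file does not exist)."""
    if not os.path.exists(path):
        return {}
    with open(path, newline="") as f:
        return {r["ioc"]: r for r in csv.DictReader(f)}


def merge_lookup(path, rows):
    """Merge rows into the lookup (newer row wins), rewrite atomically, return row count."""
    existing = read_lookup(path)
    for r in rows:
        existing[r["ioc"]] = r
    dir_ = os.path.dirname(os.path.abspath(path))
    # Write to a temp file in the same directory, then rename over the target:
    # rename is atomic, so readers see either the old file or the complete new one.
    fd, tmp = tempfile.mkstemp(dir=dir_, prefix=".lookup-", suffix=".csv")
    with os.fdopen(fd, "w", newline="") as f:
        w = csv.DictWriter(f, fieldnames=FIELDS)
        w.writeheader()
        for key in sorted(existing):
            w.writerow(existing[key])
    os.replace(tmp, path)
    return len(existing)


def main(argv):
    if len(argv) < 3:
        print(f"usage: {argv[0]} LOOKUP_CSV IOC [IOC ...]", file=sys.stderr)
        return 2
    rows = [enrich(i) for i in argv[2:]]
    n = merge_lookup(argv[1], rows)
    print(f"lookup {argv[1]} now has {n} rows")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Invoked as `enrich_iocs.py /path/to/ioc_lookup.csv 203.0.113.10 evil.example.net`, it leaves a sorted, deduplicated CSV behind; running it hourly with whatever IOCs the rule extracted keeps the file current without growing it with repeats, and the `last_seen` column records when each IOC was last enriched.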