• ArcSight Threat Intelligence Feed/Galaxy SmartConnector

    ArcSight Threat intelligence Feed or GTAP suddenly stops sending logs to the ESM server, even though the connector status shows as running. When I check the logs, only the connector statistics are displayed. I attempted to reinstall it, but I couldn't…
  • Accessing a REST API which requires a cookie

    The Broadcom email security service API uses a local cookie to track variables in the request process: requestor connects to a "reset" URL which creates a local cookie with a date/time entry which describes the oldest data to request - This uses LWPCookieJar…
  • ArcSight API to create Active List

    Wondering if anyone can advise on this: We would like to use ArcSight API in Creating an Active List from a third party. I found an API for Active list operations on the manager-service: https:// local :8443/www/manager-service/services/listServices…
  • Arcsight rule document

    Hello , Its been several years and many updates so far but still there is no API to get rules and its features that created via arcsight console... There buch of api services are created on rest API why dont you create an API service for RULES ? We…
  • REST connector

    Hello, I need to get data from VProtect - backup software - through API it offers. I was trying to get JSON out of it with a success, but it requires a timeframe instead of just start time in API request. Format which works looks like this: …
  • "Rolling" Query View for Arcsight ESM API

    I would like to process certain events outside Arcsight ESM. To do that I set up a Query and Query Viewer and access the Query Viewer through the API… however I have more than 10k events per minute. The highest refresh rate on the query I can get is 10k…
  • VeloCloud integration

    Hi All, Has anyone integrated VeloCloud with ArcSight? Any tips/advice? It seems that the only option is via API. Been looking for documentation and have found some on the web, though I am wondering if anyone has already done it and willing to share any…
  • Monitor ESM via shell or API

    Hey Guys, after searching through the community and reading some documentations I didn't found anything for my issue. In our company there is a grown monitoring system (icinga/nagios) and we would like to monitor the ESM over this system. Is there any…
  • SharePoint integration through REST API Flex Connector

    As a part of a project, it is necessary for me to integrate ArcSight ESM with an MS SharePoint-based website, the most reasonable way of doing which seems to be via a REST API FlexConnector (the SharePoint site acts as an event source). When trying to…
  • ArcSight API: No examples for sendCommand

    Hi All, I need help in understanding the sendCommand request. So in ConnectorService?wsdl this is the xml: <xs:element name="sendCommand"> <xs:complexType> <xs:sequence> <xs:element minOccurs="0" name="authToken" nillable="true" type="xs:string"/> <xs…
  • Understanding ESM API documentation

    Hi all, I'm developing a new tool and I need to interact with ESM API. I want to craft url requests with Python instead of Java and I use both urls as documentation: esm:8443/.../listServices esm:8443/.../listServices Checking WSDL sections I don't see…
  • Where did the love for the REST API go?

    I have been following the development of the ESM API for quite some time now, and there has always been mentions about it having extended features in newer releases, and that it will get better over time. Yet for every release i check the API documentation…
  • Connector that makes Automatic API Calls

    Is there a type of connector that AUTOMATICALLY makes API Calls in a way that is transparent to the user ? I want ArcSight to check automatically a certain field against an API and return a certain value maybe in a JSON String which we will parse. not…
  • ESM REST API results for aggregated base events always have count of 0

    Hello all, I'm using the ArcSight ESM's REST API (esm:8443/.../getSecurityEvents) to collect event information with an external script. ESM v6.9.1. The WSDL file describing the securityEvent schema shows 3 fields that appear to hold 'count' information…
  • Feeding active lists with key fields throught ESM REST API (addEntries)

    Dear all, I'm trying to feed active lists in ESM 6.11 throught the REST API. It works if the active list has been defined without key fields, but not if it has any key field. The problem is that I need to use a key field, because the active list is a…
  • REST API FlexConnector $START_AT_TIME variable

    We are attempting to use the REST API FlexConnector to pull from a vendor's cloud. The issue we are running in to with many of these REST API FlexConnector implementations are the limited number of dynamic parameters that the connector allows us to use…
  • arcsight dashboard connector status access by third party application

    Hi, Our environment has an application which is usually used to monitor all the tools which are used internally in our team.So,we plan to incorporate the dashboard connector status of Árcsight console to this application for monitoring(Dashboards->Arcsight…
  • how to change user password with api

    Due to internal compliance we're looking for a way to change a user password using in an automated way, like using the API for ESM, loggers and ArcMC, is there any detailed documentation on how do is? The API would be the best way to it for automation…
  • Set value in Event Annotation Comments thru API call on Correlated event

    Hi all I just wanted to know if there is a way to add a string in an existing Correlated Event to indicate certain action was taken (e.g. "Escalated") by having the EventID for the Correlated Event. The idea is to do it externally, thru an API call: I…
  • Export to External System - including base events

    Basically, we have a feature called “Export to external system” as an action for a rule. This allows you to export the data from ESM to some sort of external system for it to collect and process the data as needed. There are a few things you need to do…
  • Search events 10000 max limit in Logger 6.2 REST API

    Hi all, we are hitting this limit of 10000 events in Logger 6.2 REST API. How can we remove or adjust this limitation? Thanks in advance!
  • Using ArcSight ESM API, QueryViewers and getMatrixDataForDrilldown

    Hi, Anyone know what are these parameters? drilldownSourceID - drilldownID - fieldValueList Im am using the ArcSight ESM 6.8.0. I have build many QueryViewers from the console linked to each other with DrillDowns. Now i want to use a specific DrillDown…
  • Running a Logger Report via API for CSV results on demand via Python

    Recently a customer asked how to get CSV results from a Logger report to an external system. This can be done using Logger GUI to email report results on a scheduled basis or on demand, but this customer wanted to get the CSV results onto a fileshare…
  • Get data from More then one API in FlexConnector REST

    Hello Guys, I have one system that provides data in different APIs.And, it has around 100 of them. I already have set a FlexConnector REST up, which gets data from one API call. But I don't know how to use the same for more than one API. It is not feasible…
  • Command Center customizations

    Hi, In an MSSP environment, it is nice to offer to a customer the ability to see his dashboard, without giving him access to the entire arcsight infra. This is doable with ArcSight Web, but not with Command Center. Basically I need to be able to view…