  • Creating Dashboards Using Active List Data in ArcSight

    Hi, I have a use case where I want to create dashboards using data from an Active List in ArcSight. My questions are: Can I create the dashboard using active list in Logger? Which components of ArcSight can I use to create dashboards with Active…
  • Automating Python Script Execution with Event Fields as Parameter in ArcSight

    Hi, I'm new to ArcSight and have a use case where I need to execute a Python script at specific time intervals which call the third party APIs. The script will take certain fields from the events as parameters. My questions are: How can I automatically…
  • Storing Script Command Results for Dashboard Creation in ArcSight

    Hi, I have a use case in which I have scheduled a script integration command using a rule. The script command returns result data, and I would like to use that data to create a dashboard. My question is: Where can I store the result data from the…
  • Best Component for Creating Dashboards in ArcSight

    Hi, I'm new to ArcSight and would like to create dashboards. However, I'm a bit confused about which component of ArcSight is best suited for dashboard creation, as there are several components available. Could someone please guide me on which one…
  • Executing Integration Command with Parameters Using a Rule

    Hello, I'm new to the ArcSight platform and need assistance with a requirement. Specifically, I want to execute a script and store the results in a lookup file. Here's the overall workflow: I have created a rule that is scheduled to trigger every…
  • Creating and Integrating a Smart Connector into the Existing ArcSight Infrastructure

    Hello, I’m new to the ArcSight platform and I’m looking to integrate a third-party threat intelligence feed with ArcSight. The feed data will be provided through an API, and I want to ingest this data into ArcSight for threat analysis. ArcSight already…
  • pypi.org showing as suspicious in Virus Total Arcsight Intelligence

    pypi.org is a genuine Python package distribution site which is showing suspicious in Virus Total Arcsight Intelligence. For all others it is clean. Please help.
  • ArcSight Threat Intelligence Feed/Galaxy SmartConnector

    ArcSight Threat intelligence Feed or GTAP suddenly stops sending logs to the ESM server, even though the connector status shows as running. When I check the logs, only the connector statistics are displayed. I attempted to reinstall it, but I couldn't…
  • ERROR Jetty9ThreadPoolForServer-5345 net.sf.j2ep.ProxyFilter - Incoming method could not be handled net.sf.j2ep.factories.MethodNotAllowedException: Status code 405 from server

    Hi Team, I am receiving the following error message when I try to log in to ArcSight Command Center using SAML2 authentication: ERROR Jetty9ThreadPoolForServer-5345 net.sf.j2ep.ProxyFilter - Incoming method could not be handled net.sf.j2ep.factories.MethodNotAllowedException…
  • Report on total security event collected for a month

    How can I generate a weekly or monthly report on the total number of security events collected from all connectors in ArcSight ESM?
  • Report false positive for ArcSight Threat Intelligence

    We recently discovered that our website was added to the "suspicious" category of ArcSight Threat Intelligence via the VirusTotal tool. We tried to send a request to these email addresses: arcsight-virustotal@microfocus.com and mfi-cyberresarcsightsales…
  • The flex connector displays the Ukrainian language incorrectly in the arcsight console

    Hello. I've tested many options from other articles on this topic, but I still haven't been able to solve this problem. My flex connector parses events where the entire text in Ukrainian looks like this when output to the ArcSight console: Maybe…
  • Active lists and correlation rules

    Hi. There is a Python script that receives data from an external resource, processes this data and saves it in the appropriate files. From these files, the flex connector regex file receives processed information in CEF format and sends it to ArcSight…
  • rsyslog and regex file flex connector

    Hi. rsyslog logs events from the VPN server to an input file. This file is processed by the ArcSight regex file flex connector. The problem is that the events do not come to ArcSight, but if you create a separate file, add the events there manually,…
  • Denial of service event filtering triggered

    Hi. I have several events that I process as one common event using a flex connector: Jul 22 08:10:28 02-IBZ-KPXGTW-08 desktop-users-srv[2640834]: 100.000.0.0:33333 c0ad05273533495f VERIFY OK: depth=0, SN=First Name Last Name, GN= First Name Last Name…
  • Scheduled playbook editor in SOAR

    Hello everyone, I've been trying to build a Python script through the scheduled playbook editor on the SOAR, but I'm facing some difficulties: First, I checked the Python interpreter installed on it. import sys print(sys.version) 2.7.3.1-SNAPSHOT (version…
  • Multiline regex

    Hi. I have a block of 3-4 events that need to be processed as one common event. As advised, I used multiline.starts.regex and multiline.ends.regex. The problem is that each of the events that need to be combined and processed as one starts with a…
  • Parsing multiple events as one

    Hello. A file has a certain set of fields, as in the example below. These events are combined into small groups of 3-4 events (they are united by a common theme), and there is a gap between these groups for visibility. As far as I know, the connector…
  • Manager receipt time is one hour less than the time in our time zone

    Hello. It turned out to be a problem specifically for the Linux system, that the manager receipt time is one hour less than the current time. (By Linux I mean ArcSight console installed on Ubuntu). If the console is on Windows, then there is no such…
  • The Flex connector ignores events because they contain Cyrillic

    Hi. Does anyone know how to work around the problem where the flex connector does not collect events in ArcSight because they contain Cyrillic text? P.S. Tested on working connectors, so I am 100% sure that this is the problem. Thanks in advance…
  • Is it possible to make the SOAR use local server files?

    Hello everyone, I'm trying some configurations where I need the SOAR to use local files and send them to some other parties by mail. Is that possible? Best Regards, Marty
  • Use the active list to detect suspicious IP addresses in any event and change the criticality level to maximum

    Hi. Help me implement the mechanics of detecting suspicious addresses in arbitrary events using an active list. Now I'm trying to describe a rule that will compare the Indicator Value list column and the Device Address field of the event, and if there…
  • The rule for adding events to the active list in real time stops working after the first run

    Hi. I have a connector that sends events in CEF format to ArcSight. I created an active list and described a rule that listens for events with the fields Device Vendor = AlienVault and Device Product = OTX and adds them to the active list. Everything…
  • Firepower/ArcSight

    Hello. There is Firepower, from which events are received in ArcSight using eStreamer. I don't know which connector is used for this. The problem is as follows: packet data has a custom field with a HEX code that can easily be transformed into a…