• ArcSight Threat Intelligence Feed/Galaxy SmartConnector

    ArcSight Threat intelligence Feed or GTAP suddenly stops sending logs to the ESM server, even though the connector status shows as running. When I check the logs, only the connector statistics are displayed. I attempted to reinstall it, but I couldn't…
  • ERROR Jetty9ThreadPoolForServer-5345 net.sf.j2ep.ProxyFilter - Incoming method could not be handled net.sf.j2ep.factories.MethodNotAllowedException: Status code 405 from server

    Hi Team, I am receiving following error message when I try to login ArcSight Command Center using SAML2 authentication ERROR Jetty9ThreadPoolForServer-5345 net.sf.j2ep.ProxyFilter - Incoming method could not be handled net.sf.j2ep.factories.MethodNotAllowedException…
  • Logger communication to ESM disrupted due to CA update

    Issue occurred when I updated the CA for Logger which stopped the SmartConnectors from forwarding to the Logger receivers, this was fixed and are now working, however I have a forwarder to ESM which has stopped working, how do I update ESM keystore to…
  • External SAML2 Authentication - ArcSight Command Center WebUI

    Hi Team, I'm getting an HTTP 405 error message, and it seems the assertion URL for Entra ID is incorrect after setting up the External SAML2 authentication method. Can someone help me identify the correct assertion URL for External SAML2 authentication…
  • Report on total security event collected for a month

    How can I generate a weekly or monthly report on the total number of security events collected from all connectors in ArcSight ESM?
  • Is it possible to make the SOAR use local server files ?

    Hello everyone, I'm trying some configurations where I need the SOAR to use local files and send it to some other parties by mail. Is that possible ? Best Regards, Marty
  • use regex in xml xpath flex connector | help in xpath and xquery

    I have an XML file for the SAG Alliance Gateway, and I'm using an XML flex connector to process it. The connector works, but I'm having trouble with a nested element in the XML. Specifically, I need to extract the value of "RequestRef" using XPath, but…
  • Downloading Arcsight reports with the SOAR

    Hello everyone! Could you please help me with ideas for a problem I'm currently facing. In our company, we just integrated the SOAR platform. And there are a bunch of tasks that we'd like to automate and the first one is sending the reports to…
  • Manager Receipt Time field has wrong time

    Hello Need your help In ArcSight ESM, the time is incorrectly displayed in the Manager Receipt Time field (one hour behind). This problem is global and is present on all connectors (the time is correct on the connectors). I am interested in your…
  • ArcSight Console: start time/ end time of event are similar

    Hello, I have a more theoretical question regarding the operation of the console: the start time and end time values of the event in the system match. Is it right? Is it possible that something is configured incorrectly? Thanks in advance Bohd…
  • ArcSight ESM 7.6.4 Installation Error

    Hi Team, when installing ArcSight ESM 7.6.4 in Redhat 8.10, we are getting the below error. Kindly help and suggest. Fatal errors encountered. Could not proceed. Please check the following logs for more detail: /opt/arcsight/var/logs/misc/firstbootsetup…
  • Device Vendor = IBM / Device Product AIX Audit

    Hello guys, I would need your help for a situation we recently observed. For a same device, we observe two different Device Vendor. But the format of the logs is quite the same. Here are the raw logs: <86>May 13 10:20:00 BFBFEIGAAPZP01 sshd[2219]: Invalid…
  • Healthy ESM Thread Count

    Dears, How to know what is the healthy thread count for the ESM and the Agents? We have the next values in server.properties: - agent.threads.max=437 - serverletcontainer.jetty311.threadpool.maximum=674 However, the active thread count is always…
  • ESM Distributed Specs

    Hi Experts, Have a nice time! Kindly, the below screenshot shows the ESM Node Specs for each node: I am wondering why all node should have 8 TB Storage as the CORRE-Engine Storage(Retain events ) only hosted on the persistor?
  • Fusion Integrating ESM Data and Users

    https://www.microfocus.com/documentation/arcsight/arcsight-platform-24.1/arcsight-admin-guide-24.1/#platform_integrate/OSP_authentication.htm?TocPath=Integrating%2520the%2520Platform%2520Into%2520Your%2520Environment%257CIntegrating%2520ESM%25C2%25A0Data…
  • Logger to ESM forwarder user

    Hello, I do not understand how the user for the ESM forwarder works. I have LDAP bind configured in ESM. However, when I use the ESM destination with a domain account I get connection refused on the ESM forwarder (ESM certificate is imported in Logger). I had to…
  • ESM Consume from THUB Topics

    Hi Community, I hope you all are doing well! I just need to double check with you that the ESM can't consume from the th-cef topic of the THUB, however it can receive logs in CEF Format directly from connectors? Any explanation?
  • ArcSight Platform - FUSION Users

    Hello ppl! How do I delete users from Fusion? It does not want to disable or remove their roles. I want to delete them - all of them. I know it's possible, I did this a few years ago but I don't remember, unfortunately -- Or delete a certain pods or…
  • time ranges in ESM Console (+ECC) not filtering out events - clarifications needed

    Hello to Everybody, I have some issues working with time ranges in ESM Console or in ESM Command Center (by using where keyword). I would like to search for different events during a period of multiple days, but before+after working hours and I tried…
  • Use root or non-root user for clean install ?

    Hello, I am going to install new Logger, ESM and ArcMC. I am not sure which user I should use? As I understand when using root I can use lower ports and it is easier to register service to the system. However there is potential security risk. Also when…
  • Are there any plans for ESM Console to be compatible with Windows 11 in a future version?

    Are there any plans for ESM Console to be compatible with Windows 11 in a future version?
  • How to map additional data in GTAP connector?

    The currently deployed smart connector imports data from our MISP instance into the ESM. My question is whether we need to map additional data names in our ESM, as I believe those fields already exist within the ArcSight fields.
  • QueryViewer TimeOut ERROR

    Dear All, kindly, we face a lot of dashboard widgets based on the QueryViewer not displaying data and popping up the below ERROR message:
  • License Autopass

    Dear All, I hope all is well. Kindly, I have struggled with License AutoPass, can anyone explain it? Why is the license EPS the sum of the old license file and the newly installed file?
  • Rule notification via email with attached report

    Is there a possibility when an alert is triggered, in addition to sending an email with the fields, also sending an attached report? It would be like running a query as soon as the alert is triggered and the query result goes to the attached alert itself…