ArcSight Threat intelligence Feed or GTAP suddenly stops sending logs to the ESM server, even though the connector status shows as running. When I check the logs, only the connector statistics are displayed. I attempted to reinstall it, but I couldn't…
Hi Team,
I am receiving the following error message when I try to log in to ArcSight Command Center using SAML2 authentication
ERROR Jetty9ThreadPoolForServer-5345 net.sf.j2ep.ProxyFilter - Incoming method could not be handled net.sf.j2ep.factories.MethodNotAllowedException…
Issue occurred when I updated the CA for Logger, which stopped the SmartConnectors from forwarding to the Logger receivers. This was fixed and they are now working; however, I have a forwarder to ESM which has stopped working. How do I update ESM keystore to…
Hi Team,
I'm getting an HTTP 405 error message, and it seems the assertion URL for Entra ID is incorrect after setting up the External SAML2 authentication method. Can someone help me identify the correct assertion URL for External SAML2 authentication…
Hello everyone,
I'm trying some configurations where I need the SOAR to use local files and send them to some other parties by mail.
Is that possible?
Best Regards,
Marty
I have an XML file for the SAG Alliance Gateway, and I'm using an XML flex connector to process it. The connector works, but I'm having trouble with a nested element in the XML. Specifically, I need to extract the value of "RequestRef" using XPath, but…
Hello everyone!
Could you please help me with ideas for a problem I'm currently facing?
In our company, we just integrated the SOAR platform. And there are a bunch of tasks that we'd like to automate, and the first one is sending the reports to…
Hello
Need your help
In ArcSight ESM, the time is incorrectly displayed in the Manager Receipt Time field (one hour behind). This problem is global and is present on all connectors (the time is correct on the connectors).
I am interested in your…
Hello
I have a more theoretical question regarding the operation of the console: the start time and end time values of the event in the system match. Is it right? Is it possible that something is configured incorrectly?
Thanks in advance
Bohd…
Hi Team,
When installing ArcSight ESM 7.6.4 on Red Hat 8.10, we are getting the below error. Kindly help and suggest.
Fatal errors encountered. Could not proceed. Please check the following logs for more detail: /opt/arcsight/var/logs/misc/firstbootsetup…
Hello guys, I would need your help for a situation we recently observed. For the same device, we observe two different Device Vendors. But the format of the logs is quite the same. Here are the raw logs: <86>May 13 10:20:00 BFBFEIGAAPZP01 sshd[2219]: Invalid…
Dears, How to know what is the healthy thread count for the ESM and the Agents?
We have the next values in server.properties:
- agent.threads.max=437
- serverletcontainer.jetty311.threadpool.maximum=674
However, the active thread count is always…
Hi Experts,
Have a nice time!
Kindly, the below screenshot shows the ESM Node Specs for each node:
I am wondering why all nodes should have 8 TB storage, as the CORR-Engine Storage (Retain events) is only hosted on the persistor?
Hello, I do not understand how the user for ESM forwarder works. I have LDAP bind configured in ESM. However, when I use an ESM destination with a domain account I get connection refused on ESM forwarder (ESM certificate is imported in Logger). I had to…
Hi Community,
I hope you all are doing well!
I just need to double check with you that the ESM can't consume from the th-cef topic of the THUB, however it can receive logs in CEF format directly from connectors?
Any explanation?
Hello ppl!
How do I delete users from Fusion? It does not want to disable or remove their roles. I want to delete them - all of them. I know it's possible, I did this a few years ago but I don't remember, unfortunately -- Or delete a certain pods or…
Hello to Everybody, I have some issues working with time ranges in ESM Console or in ESM Command Center (by using where keyword). I would like to search for different events during a period of multiple days, but before+after working hours and I tried…
Hello, I am going to install new Logger, ESM and ArcMC. I am not sure which user I should use. As I understand, when using root I can use lower ports and it is easier to register the service to the system. However, there is a potential security risk. Also when…
The currently deployed smart connector imports data from our MISP instance into the ESM. My question is whether we need to map additional data names in our ESM, as I believe those fields already exist within the ArcSight fields.
Dear All,
I hope all is well.
Kindly, I have struggled with License AutoPass, can anyone explain it?
Why is the license EPS the sum of the old license file and the new installed file?
Is there a possibility when an alert is triggered, in addition to sending an email with the fields, also sending an attached report? It would be like running a query as soon as the alert is triggered and the query result goes to the attached alert itself…