• Software ArcSight Logger : increase storage volume

    Hello everyone, I am new to ArcSight. I have a question about increasing the storage volume of ArcSight Logger. When I increase the storage volume I must do that by passing to maintenance mode; after a restart of the server the events are gone. How can we avoid…
  • Arcsight Logger storage group : question

    Hello everyone, I am new to ArcSight Logger. I have a question about storage groups. How can we monitor the usage of storage groups in order to estimate the size that we will add to some storage groups, for example? I know that there is a list that…
  • Arcsight Logger : automatically restart services using monit

    Hello everyone, I have a question: how can we restart the Logger services automatically using monit? Process 'apache' running Process 'aps' running Process 'connector' running Process 'mysqld' running Process 'postgresql' running Process 'processors' running…
  • P-CylancePROTECT

    This is the discussion thread for the CylancePROTECT product package for Activate and its FlexConnector.
  • Cisco IronPort - Partial Merged Email Event

    We have Cisco IronPort coming in via Syslog. There are 1000's of partial merged email events produced. Is there a fix for these or is this just a bug between ArcSight and Cisco? Has anyone ever experienced this error and fixed it? Raw Example: <22>Feb…
  • Activate Base Product Package Microsoft Azure

    This is the official forum for discussing the ArcSight Activate Base Product Package Microsoft Azure as described in the Wiki.
  • Activate Base 2.4 to Activate Base 2.5 update

    Hi, Recently, I have imported Activate Base version 2.4 on ESM-Express. Just want to ask how can I update it to the latest version which is Activate Base 2.5. Should I delete the older version and import the new one? Thanks in advance! Regards, Aqui
  • ArcSight Activate Base

    Hi, I'm trying to import some Activate use cases from the marketplace but it says that it needs Activate Base in order for the import to complete. But the Activate Base import won't finish due to some errors. Does Activate also work with ESM-Express…
  • P-Pulse Secure

    This is the official forum for discussing the basic ArcSight Activate P-Pulse Secure product package as described in the wiki.
  • ArcSight Content Brain Assessment

    We have a new Content Brain tool to help you navigate all of the free content packages available in the Activate Framework and Marketplace. More details here! The ArcSight ESM SIEM sits at the center of an intelligent SOC. It’s often the only tool…
  • Re Importing previously uninstalled ArcSight Activate content

    Hi all! I recently deleted an Activate folder structure (using an old laptop with a terrible trackpad). In order to try and re-add the folder structure I attempted a “re-import”; this failed, so uninstalled the package and associated content packages…
  • L1-Malware Monitoring

    Hi, I have just installed the above mentioned activate use case as per instructions, all went fine but seems like there are no conditions in the main filters without which I don’t think the use case will work. I have looked through all the instructions…
  • Lenel installer tries to handle the update package but there isn't one

    I just installed the Lenel package in a VM and got some errors from the install script. It is trying to install and then export an update arb but there isn't one in the bundle: Will now install: Installing the following packages: /All Packages/ArcSight…
  • L2-Malware Monitoring Email - Situational Awareness

    This is the official forum for discussing the ArcSight Activate L2-Malware Monitoring Email - Situational Awareness package as described in the Wiki.
  • L1-Malware Monitoring Email - Indicators and Warnings

    This is the official forum for discussing the ArcSight Activate L1-Malware Monitoring Email - Indicators and Warnings package as described in the Wiki.
  • P-Trend Micro - Control Manager - Base

    This is the official forum for discussing the ArcSight Activate P-Trend Micro - Control Manager - Base product package as described in the Wiki.
  • P-McAfee ePO - Base

    This is the official forum for discussing the basic ArcSight Activate P-McAfee ePO - Base product package as described in the Wiki.
  • P-Trend Micro - OfficeScan

    This is the official forum for discussing the ArcSight Activate P-Trend Micro - OfficeScan product package as described in the Wiki.
  • P-Trend Micro - InterScan Messaging Security

    This is the official forum for discussing the ArcSight Activate P-Trend Micro - InterScan Messaging Security product package as described in the Wiki.
  • P-Trend Micro - ScanMail

    This is the official forum for discussing the ArcSight Activate P-Trend Micro - ScanMail product package as described in the Wiki.
  • P-McAfee Security for Exchange

    This is the official forum for discussing the ArcSight Activate P-McAfee Security for Exchange product package as described in the Wiki.
  • Activate Base 2.5.2.0

    Hello all, We are preparing to release the latest update to Activate Base. See the Activate Base Forum for details. It should be on the ArcSight Marketplace soon!
  • User Account Modification Rule

    Hi, Am I correct in assuming that the L1 User Account Modification Rule is a catch-all now for events such as password resets, user added or removed from group and any other user account update type events that a product\device can log? Thanks …
  • Has anyone worked with Activate Base Suppression Lists successfully?

    I am trying to work with the suppression lists, but the documentation is somewhat incomplete. There is no mention of how a list comes into play with any of the rules. Don't the rules need to query the active list during condition check? The only described…
  • L2-Data Security Encryption - Situational Awareness

    This is the official forum for discussing the basic ArcSight Activate, L2-Data Security Encryption product package as described in the Wiki.