ArcSight is installed on CentOS 7
The console interface is in English, but I use the names of rules and filters in Ukrainian.
Letters to the post office are sent using our own velocity templates and additionally the letter contains fields with the names…
Hi
Maybe someone had to face a similar problem. I need help describing a rule that will compare a specific event field with a specific column in the active list.
The first question: is it possible to implement?
I've looked at ArcSight's built-in…
Hi
A certain event was found, there is a case in the navigator, is it possible to create a task for a specific user for practice? Maybe you know some functionality close to this. We are not talking about the external ticket system, but about the internal…
Hi
I have a rule that triggers when a certain event is found and sends information about the found event to the mail.
I used the ESM Administrator's Guide, section Appendix C: Creating Custom E-mails Using Velocity Templates
In <ARCSIGHT_HOME>/Manager…
Hello, I need your advice.
I don't know enough about such things, so please advise. I received a letter from ESM with a warning: EventArchive location /opt/arcsight/logger/data/archives/ has used 99% of the cap space. Please free up some cap by moving…
Hi
I noticed that there are only 6 custom string fields in ArcSight. Even with grabbing two fields from the Flex section, I still don't have enough to work with. Who can suggest an alternative or how to increase the number of custom fields?
Thanks…
Hello.
Please explain to me how the JSON Multiple Folder Follower Connector works
I am interested in real-time file monitoring.
For now, I'm training on an artificially generated file and artificially generated JSON events. When I start the connector…
Hello
Need your help
In ArcSight ESM, the time is incorrectly displayed in the Manager Receipt Time field (one hour behind). This problem is global and is present on all connectors (the time is correct on the connectors).
I am interested in your…
Hello
I have a more theoretical question regarding the operation of the console: the start time and end time values of the event in the system match. Is it right? Is it possible that something is configured incorrectly?
Thanks in advance
Bohd…
Hello, guys, I need your help.
In CentOS after installing SmartConnector and running ./runagentsetup the process of connector configuration stops at this point:
Assuming ARCSIGHT_HOME: /home/user/ArcSightSmartConnectors/current Assuming JAVA_HOME…
Hello, I need your help. I am interested in the process of configuring ArcSight to receive the logs it collects from the system. (Important note: collects logs in one system and sends to another).
I would be grateful for a detailed description of how…
Hello everybody. I am new to this field of activity.
Please tell me, I have a task to get system logs (any) from one Linux system to another (where ArcSight is installed). Of the available tools, I only have the SuperConnector, which contains only the…
Recently we have upgraded our Cisco Firepower to v 7.2.5. We have ArcSight ESM v 7.6. What exact versions of connector, eStreamer client and python am I supposed to use on the connector server (Red Hat Enterprise Linux 8.9 (Ootpa)) please? I am tired…
Dear Experts,
I have a requirement for one of our customers to populate the dashboards for different conditions for the past 24 hours, for example Port Scan.
To achieve this I created the filter, created queries to pull top 10 source address, top 10 source…
Hello people, I'm trying to create a rule for accounts that have not been active for more than 60 days. I tried to make a join rule, but due to resource limitations I can't keep the rule open for 60 days. The second attempt was to create a session list that…
There is a function in ArcSight Scheduling Report where the user can set the output file to either be saved in the ArcSight archive folder or sent to the respective email address with the report attached.
But when I tried just now, I didn't receive any email notification…
Hello Experts,
While synchronizing the ESM DC and DR and pushing the packages between them, I have this error in the Command Center.
Also, if I want to export or import .arb packages, I face the same issue.
Kindly, how to unlock this account?
Dears,
My /opt for ESM is 99% used; we couldn't increase the size of /opt, and couldn't decrease the retention period to a lower one.
Are there any files that could be deleted to free some space to avoid ESM going down?
Hello, I mistakenly deleted the files at /opt/arcsight/logger/data/logger and now the ESM manager will not start. It looks like the database is now corrupted. What can I do?
Hello Experts,
Hope you are doing well.
I have a lot of fields that are not mapped for the Cisco ISE Syslog Connector; I'd like to map them.
I know I could map them through the send command using the console.
But in my case, I want to map them accordingly…
Hello.
Has anyone met the following problem? In server.license.log looking degradation of EPS (x3 for 2 months). Connectors have cache files. But activating multithread doesn't help. No memory problem on connectors. Cache files on all connectors. In agent…
Hi Experts,
I am asking about the steps we should follow to have a successful migration and update from ESM 7.3 to ESM 7.6.
Approach 1: Migrate from 7.3 to the new server and then take the upgrade path 7.3 --> 7.4 --> 7.5 --> 7.6.
Approach 2:- Upgrade…
I am trying to align our custom rules to the MITRE Framework and configured CustomString6 & Label to T no. and MITRE ID, but the MITRE Coverage Dashboard only shows recent attacks in the last 2 days, not when one of my rules is installed and not enabled or…