  • Incorrect encoding of the event fields in the mail

    ArcSight is installed on CentOS 7. The console interface is in English, but I use the names of rules and filters in Ukrainian. Letters to the post office are sent using our own velocity templates and additionally the letter contains fields with the names…
  • Report on total security event collected for a month

    How can I generate a weekly or monthly report on the total number of security events collected from all connectors in ArcSight ESM?
  • Comparison of a specific random event field with the active list

    Hi, maybe someone has had to face a similar problem. I need help describing a rule that will compare a specific event field with a specific column in the active list. The first question: is it possible to implement? I've looked at ArcSight's built-in…
  • Add a task for the case

    Hi. A certain event was found, there is a case in the navigator; is it possible to create a task for a specific user for practice? Maybe you know some functionality close to this. We are not talking about the external ticket system, but about the internal…
  • Creating Custom E-mails Using Velocity Templates

    Hi, I have a rule that triggers when a certain event is found and sends information about the found event to the mail. I used the ESM Administrator's Guide, section Appendix C: Creating Custom E-mails Using Velocity Templates. In <ARCSIGHT_HOME>/Manager…
  • What is it? Why is it needed? How critical is it?

    Hello, I need your advice. I don't know enough about such things, so please advise. I received a letter from ESM with a warning: EventArchive location /opt/arcsight/logger/data/archives/ has used 99% of the cap space. Please free up some cap by moving…
  • Custom string field

    Hi, I noticed that there are only 6 custom string fields in ArcSight. Even with grabbing two fields from the Flex section, I still don't have enough to work with. Who can suggest an alternative or how to increase the number of custom fields? Thanks…
  • How ArcSight FlexConnector JSON Multiple Folder Follower works

    Hello. Please explain to me how the JSON Multiple Folder Follower Connector works. I am interested in real-time file monitoring. For now, I'm training on an artificially generated file and artificially generated JSON events. When I start the connector…
  • Manager Receipt Time field has wrong time

    Hello, need your help. In ArcSight ESM, the time is incorrectly displayed in the Manager Receipt Time field (one hour behind). This problem is global and is present on all connectors (the time is correct on the connectors). I am interested in your…
  • ArcSight Console: start time / end time of event are similar

    Hello, I have a more theoretical question regarding the operation of the console: the start time and end time values of the event in the system match. Is it right? Is it possible that something is configured incorrectly? Thanks in advance Bohd…
  • Can't start ./runagentsetup after connector installing

    Hello, guys, I need your help. In CentOS after installing SmartConnector and running ./runagentsetup the process of connector configuration stops at this point: Assuming ARCSIGHT_HOME: /home/user/ArcSightSmartConnectors/current Assuming JAVA_HOME…
  • Send logs to ArcSight by NXLog

    Hello, I need your help. I am interested in the process of configuring ArcSight to receive the logs it collects from the system. (Important note: it collects logs on one system and sends them to another.) I would be grateful for a detailed description of how…
  • ArcSight ESM, logs getting

    Hello everybody. I am new to this field of activity. Please tell me, I have a task to get system logs (any) from one Linux system to another (where ArcSight is installed). Of the available tools, I only have the SuperConnector, which contains only the…
  • No logs coming from Firepower to ArcSight ESM after we upgraded the Cisco Firepower to v7.2.5

    Recently we have upgraded our Cisco Firepower to v7.2.5. Our ArcSight ESM is v7.6. What exact versions of connector, eStreamer client and Python am I supposed to use on the connector server (Red Hat Enterprise Linux 8.9 (Ootpa)) please? I am tired…
  • ArcSight ESM Query Viewer Dashboard Issue

    Dear Experts, I have a requirement for one of our customers to populate the dashboards for different conditions for the past 24 hours. Example: Port Scan. To achieve this I created the filter, created queries to pull top 10 source addresses, top 10 source…
  • How to create a rule for accounts with no activity for more than 60 days?

    Hello People, I'm trying to create a rule for accounts that have not been active for more than 60 days. I tried to make a join rule, but due to resource limitations I can't keep the rule open for 60 days. The second attempt was to create a session list that…
  • Unable to get output file to email address

    There is a function in ArcSight Scheduling Report where the user can set the output file to either be saved in the ArcSight archive folder or sent to the respective email address with the attached report. But when I tried just now, I didn't receive any email notification…
  • Package framework locked by [username] for install packages?

    Hello Experts, while synchronizing the ESM DC and DR and pushing the packages between them I get this error in the Command Center; also, if I want to export or import .arb packages I face the same issue. Kindly, how do I unlock this account?
  • /opt is 99% used

    Dears, my /opt for ESM is 99% used; we couldn't increase the size of /opt, and couldn't decrease the retention period to a lower one. Are there any files that could be deleted to free some space to avoid ESM going down!!!
  • Postgres service and manager would not start

    Hello, I mistakenly deleted the files at /opt/arcsight/logger/data/logger and now the ESM manager would not start. It looks like the database is now corrupted. What can I do?
  • Map file based on Device Event Class ID

    Hello Experts, hope you are doing well. I have a lot of fields that are not mapped for the Cisco ISE Syslog Connector, and I'd like to map them. I know I could map them through the send command using the console, but in my case I want to map them accordingly…
  • EPS degradation on ESM

    Hello. Did anyone meet the following problem? In server.license.log we see a degradation of EPS (x3 over 2 months). Connectors have cache files. But activating multithreading doesn't help. No memory problem on connectors. Cache files on all connectors. In agent…
  • ESM Migration to new physical server

    Hi Experts, I am asking about the steps we should follow to have a successful migration and update from ESM 7.3 to ESM 7.6. Approach 1: Migrate from 7.3 to the new server and then take the upgrade path 7.3 --> 7.4 --> 7.5 --> 7.6. Approach 2: Upgrade…
  • ArcSight Command Centre MITRE Coverage Dashboard

    I am trying to align our custom rules to the MITRE Framework and configured CustomString6 & Label to the T no. and MITRE ID, but the MITRE Coverage Dashboard only shows recent attacks in the last 2 days, not when one of my rules is installed and not enabled or…
  • How to install ArcSight ESM on CentOS and where to download ArcSight ESM?

    I have a VM where CentOS 7 is installed. The CentOS VM has internet access, from where I can download and install ArcSight ESM.