  • Firepower/ArcSight

    Hello. There is Firepower, from which events are received in ArcSight using eStreamer. I don't know which connector is used for this. The problem is as follows: packet data has a custom field with a HEX code that can easily be transformed into a…
  • Error starting connector configuration

    Hello. In the CentOS7 system, after installing the ArcSight-8.4.4.9261.1-Connector-Linux64.bin connector and running runagentsetup.sh, the process stops at this stage - "Checking for a running instance of connector..." The agentsetup.log file contains…
  • ArcSight ESM, logs getting

    Hello everybody. I am new to this field of activity. Please tell me, I have a task to get system logs (any) from one Linux system to another (where ArcSight is installed). Of the available tools, I only have the SuperConnector, which contains only the…
  • Connectors after switching from 2 TransformationHub destinations (CEF and BINARY) to single AVRO consumes much more RAM

    Hello, we have migrated from 2 TransformationHub destinations (CEF and BINARY) to a single AVRO destination (connectors on 8.4 & 8.4.2). We had about 10 connectors per server with 24GB RAM and usually had about 3-4GB of RAM free. After migration,…
  • agentdata folder size is more than cache sizing.

    Hi, I hope all is well. I notice that the size of the directory /current/user/agent/agentdata is more than the size assigned to the connector cache size. Many times the connector cache size is 1 GB and the agentdata is 12 GB. Also, what is the…
  • Can't delete a container from ArcMC

    Dear All, I hope all is well. I have the ArcMC software and installed a connector on the same server, then added it to the ArcMC. Now I want to delete this container but unfortunately, I couldn't delete it. Any advice?
  • Map File based on Device event Class ID

    Hello Experts, Hope you are doing well. I have a lot of fields that are not mapped for the CISCO ISE Syslog Connector, and I'd like to map them. I know I could map them through the send command using the console. But in my case, I want to map them accordingly…
  • ArcSight Connector on SAP HANA Database

    Has anyone successfully created a custom connector to read HANA Database logs? If so, could you share which connector type was selected and how it was configured to allow the logs to be forwarded. Thank you in Advance.
  • What is meaning of Number of bad threat level values in connector?

    When I opened agent.log and used the 'WARN' filter, it showed me that. I got many 'number of bad threat level values received and corrected' messages. What does this message mean? Best Regards
  • Notification When A Device Stops Sending Logs To connector

    Hello, Can someone help with a rule that can be created when a device stops sending logs to a connector on ArcSight Console even when the connector is active and running?
  • Hi, I have a flex DB connector. Time is mapped to event.startTime field as a timestamp. Can I somehow store time as a string in some additional field like deviceCustomString?. Thanks.

    timestamp to string conversion
  • Elastic ArcSight

    Continuing on the earlier work done by , I wanted to look further into how ArcSight Elastic might look, what might the impact be on event collection, event storage, and other aspects like enrichment. Some of these lend themselves to very metric drive…
  • Matching URL with Threat Intelligence Feeds URLS

    Hello, Please if anyone can assist, especially someone using Symantec Deepsight Threat Intel. In my proxy logs URLs appear as tunnel:// www.facebook.com:443, and in my Threat Intelligence feeds active list it is https://www.facebook.com. Now I'm confused…
  • ArcMC thinks logger is down

    Hello, Our ArcMC currently believes one of our loggers is unreachable and that one of our connectors is also unreachable. According to both loggers the connector is sending events and the logger is operational. I have restarted the arcmcagent service on…
  • On CentOS, runagentsetup.sh won't start

    We are running CentOS release 6.9 with java: java version "1.7.0_161" OpenJDK Runtime Environment (rhel-2.6.12.0.el6_9-x86_64 u161-b00) We have an arcsight agent running collecting logs remotely and we need to turn off the DNS resolution. But when we…
  • Facing Arcsight smart connector down AOH for sourcefireAPI config (estreamer)

    Hi All, Recently we have deployed CISCO FSM 5.4.1.1 and integrated it with the ArcSight solution through the eStreamer API with the available connector type as Sourcefire Defense Center eStreamer connector version 7.6.0. It has been observed that while OH it is running…
  • Estimated EPS above requirement for connector

    Greetings, I am working on a regex file reader flex connector to parse cloud-related logs (AWS VPC flowlogs to be specific). The logs are stored in an AWS S3 bucket. A script runs on an interval to download the logs to a folder on a local VM where the…
  • arcsight dashboard connector status access by third party application

    Hi, Our environment has an application which is usually used to monitor all the tools which are used internally in our team. So, we plan to incorporate the dashboard connector status of the ArcSight console into this application for monitoring (Dashboards->Arcsight…
  • How is agentHostName field filled in by a SmartConnector ?

    On a dual-homed machine, I noticed that the SmartConnector sometimes takes the reverse DNS resolution of one interface, sometimes the other one, but I can't determine exactly why. Also, why doesn't it simply take the result of the command "hostname"?
  • Quick Flex filters

    Hi, I need to parse logs from a FortiDDOS device. No smart connector is pre-configured for that, so I began to develop a Flex. The logs are in the same format but some fields are present or not, depending on the log. So my regex is OK for some of the logs, but…
  • ArcSight ESM active channel is empty with no error!

    Dear all, I have a Logger and ESM in version 5.x and all things are working fine with no errors. Event output in Logger is configured fine and the connector created in ESM navigator status is running. But in a created untitled channel with no filter from logger…
  • AS400 Version 7.x Connector

    Hello, I see the latest version supported by the 'IBM eServer iSeries Audit Journal File' SmartConnector is version 6.1. Has anyone developed a flex for AS400 version 7.1 or 7.3, or have the parser override? Thanks! Valerie