• Guidance on Implementing Data Enrichment through Third party threat intelligence Integration in ArcSight

    I am working on a use case to integrate Third party threat intelligence with ArcSight . The goal is to accomplish the following tasks: SIEM Data Enrichment Ingest raw log events into ArcSight. Create empty lookup files in ArcSight for each IOCs…
  • Knowledge Document: Deleting Older Vulnerable Libraries after Upgrading a Connector

    Upgrade a Connector from local, ArcMC, or ESM, it creates a backup of the install directory of the existing connector to facilitate rollback in unforeseen scenarios Environment ArcSight Connector 8.x Situation Old connector libraries…
  • Add Destination Cleanup

    I have noticed, that after couple of adding and deleting destinations in ArcMc, the config files for those destinations are still present on the connector. Theese connectors also logs errors similar to this: [ERROR][com.arcsight.agent.loadable._DOSProtector…
  • ArcSight Management Center 3.2 Administrator’s Guide

    Hello ArcSight community. I'm looking for the PDF of the ArcSight Management Center 3.2 Administrator’s Guide. Here https://www.microfocus.com/it-it/documentation/arcsight/arcmc-3.2/ are available only as ZIP(http structure) and HTML ; No PDF. Could…
  • HTTP 404 Error After Upgrading to ArcMC 3.2.1 on Redhat 8.4

    Hello, I recently upgraded my ArcMC from version 3.2.0 to 3.2.1 on a Red Hat 8.4 server. Following the upgrade, I am encountering the following error when accessing the web interface: HTTP Status 404 – Not Found Type Status Report Description The…
  • Unable to add transformation hub in arcmc

    Dear Team, I am new to the Transformation Hub configuration and would like to get help on this. We are not able to add Transformation hub as a host in ArcMC, I am getting below error while addition. Server returned HTTP response code: 503 for URL…
  • request for support AES256 with SHA2 for Logger appliance

    ArcSight Logger and ArcSight Connector's SNMPv3 for polling and traps only support up to AES128. Purpose : To increase the security level Meeting compliance and hardening standard
  • Can not create new rule in ArcMC with metric type Reciver EPS

    Hello Team, Our customers is unable to create a new rule in ArcMC with metric type Receiver EPS or Forwarder EPS used. When the new rule is being created, once you choose Metric Type: Receiver EPS or Forwarder EPS an error shows saying: "Cannot get product…
  • ArcMC cannot resolve connector hostname

    Hello, I am trying to add new host to the new clean install of ArcMC 3.2.2 but getting error with failed downloaded certificate. In parallel I have older ArcMC where things works fine. I can add connector server by IP but cannot by hostname. hostname…
  • Use root or non-root user for clean install ?

    Hello, I am going to install new Looger,ESM and ArcMC. I am not sure which user should I use ? As I understand when using root I can use lower ports and it is easier to register service to the system. However there is potential security risk. Also when…
  • ArcMC to support Multi Factor Authentication

    We as a bank are looking for setting up Multi Factor Authentication in ArcMC. We could not find any reference document to set up MFA in our current implementation. As per support, MFA is not supported in the current version of ArcMC. Since ArcMC gives…
  • Logger Cache

    Hi Community, I was hoping I could get some assistance regarding a cache issue, it seems as if events have been cached on ArcMC and have not reached the logger pool and only the ESM. AM i able to retrieve these logs and get the them restored to the pool…
  • Add report on devices reporting to ArcMc as an actual report or export

    ArcMc shows the devices that are reporting, in the summary dashboard. The Topology and Deployment Views also show Source, Processor, Destination In preparation for a data center relocation, we need to identify all Log Originating devices that are…
  • ArcSightk Management Center (ArcMC) and Smart Connector as microservice on managed Kubernetes ?

    Hello, In our project we have ArcSight Management Center (ArcMC) and Arcsight Smart Connector each running on AWS EC2. I searched here for microservice deployment (managed Kubernetes - AWS EKS for example). Would ArcSight Management Center (ArcMC…
  • ArcMC Marketplace Certificate Warning

    Hello, I installed version 3.2.0 ArcMC and have marketplace certificate missmatch error. I used administrator guide and get new certificate and update in local os. this is not solved my certificate error. Than I saw new ArcMC version 3.2.1. Fixed…
  • agentdat folder size is more than cache sizing.

    Hi, I hope all is well. I notice that the size of the directory /current/user/agent/agentdata is more than the size assigned to the connector cache size. Many times the connector cache size is 1 GB and the agentdata is 12 GB. Also, what is the…
  • ArcMc Authentication Issue with LDAP

    Dears, the ArcMc authentication is working properly for a long time with LDAP, and suddenly we can't access and encounter this error: why this issue occured, and how to overcome it?
  • Can't delete a container from ArcMC

    Dear All, i hope all is well. i have a software ArcMC and installed on the same server a connector then add it to the arcMC. now i want to delete this container but unfortunately, i couldn't delete it. Any advice.
  • Knowledge Doc: Logger is not currently managed by ArcSight Management Center (ArcMC)

    Summary Logger license is ADP enabled, and added as host to ArcMC, but error displays on logger GUI: Logger is not currently managed by ArcSight Management Center (ArcMC) Products ArcSight Logger Environment ArcSight Logger 7.0.0 Situation Error Message…
  • Configuration backup ESM

    Hi Experts, we are planning to take a configuration backup for arcsight products: first connector (we have already take a container backup from the ArcMc ) . Q:- how to restore that container backup? secondly, for ESM we took the system…
  • Knowledge Doc: Workaround when Fusion ArcMC is not working after license expiration

    Summary The following article details a series of steps when Fusion ArcMC is not working because of license expiration Products ArcSight Management Center (ArcMC) Environment 22.1.x/23.1.x ArcSight Platform Suite cluster with the Fusion capability.…
  • SIEM on RHEL 9.1

    Hello, will be problem install ArcMC, ESM and Logger on RHEL 9.1, since in documentation is mentioned only RHEL 8.6 so far. Regards Jan
  • Now Available: ArcSight 2023.1 - Including ArcSight SaaS with Real-Time Threat Detection, Recon 1.5.1, and more...

    General Availability – ArcSight 2023.1 OpenText Cybersecurity is excited to announce the availability of ArcSight 2023.1, a historic release that marks the launch of Real-Time Threat Detection on the ArcSight SaaS platform and the start of a new chapter…
  • Knowledge Doc: [ArcMC] Platform initializers fail............check /opt/arcsight/.............../logger_init_driver.log for details

    Summary After uninstalling the old version of the Arcmc, attempt to install a fresh/higher version resulted in the error "Platform initializers fail............check /opt/arcsight/.............../logger_init_driver.log for details". This is peculiar to…
  • A new ArcSight architecture for SMB Companies

    Please consider building an ArcSight architecture for SMBs - ESM4SMB Unified architecture based on ESM with up to 25000 EPS (ESM4SMB), including 1. Based on ESM platform make licensing difference for correlation (ex ESM) and logging (ex logger) (A key…