• [Office 365] Azure Active Directory - Sub Parser for DeviceProperties

    In the default parser for Office 365, there is no token to parse "DeviceProperties" in Azure Active Directory (AAD) Logs. DeviceProperties contains Id, DisplayName, OS, BrowserType, etc. This info is useful for user to analyze where the request comes…
  • o365 connector categorization for failed authentication

    The o365 connector categorization for Azure AD failed authentication is currently categorized with an outcome of Success whereas it should be Failure. Failed logins/Brute Force Logins are appearing as successful logins. My idea would be to categorize…
  • Microsoft Azure Event Hub SmartConnector to support use of a proxy to access azure

    The new Microsoft Azure Event Hub connector has a proxy setting however we are told by design the new connector was created to not use a proxy. We would like the ability for the connector to use a proxy for reaching out to the internet to access Azure…
  • Allow the Office 365 SmartConnector to pull logs from Office 365 GCC environments

    In reference to Support Ticket 01830853 and Change Request 342101, it would be nice that the Microsoft Office 365 Management Activity SmartConnector is able to pull logs from Office 365 GCC - Service Descriptions | Microsoft Learn environments.
  • Knowledge Doc: [Standard Connectors] Prerequisites and initial considerations when deploying an Azure Event Hub Smart Connector

    Summary Prerequisites and initial considerations when deploying an Azure Event Hub Smart Connector Products ArcSight Standard Connectors Article Body Environment Deployment in Azure valid for the 8.4.x Event Hub Smart Connector Situation There are…
  • Knowledge Doc: [ArcMC; Logger; ESM] SmartConnector Not Receiving events from Azure Event Hub

    Summary This is an observation on the Azure Event Hub SmartConnector. Some deployments have the cloud function apps disabled by default. Disabled Function App Settings Products ArcSight Management Center (ArcMC), ArcSight Logger, ArcSight Enterprise Security…
  • SmartConnector for Microsoft 365 Defender. Add capability to get Access token request with a certificate

    Currently the SmartConnector for Microsoft 365 Defender only works with Access token request with a shared secret. In our company group it is mandatory that all frontend azure cloud services use a CA-signed certificate, for that reason we need ArcSight…
  • Endpoint alerts for the Defender ATP Connector

    Currently the defender ATP connector supports incidents but in some cases it would be good to be able to consume the alerts directly from the endpoints the below is actually taken from the Splunk integration with defender ATP but offers a description…
  • Put user name O365 connector in destinationUserName instead of sourceUserId

    Brief Description Most connectors put the user name for authentication and management events into the destinationUserName field. The Microsoft Office 365 Management Activity connector, though, puts it into the sourceUserId field, where it is harder…
  • Azure Event Hub SmartConnector - documentation of script install alternative - function app config

    Currently, the Azure Event Hub SmartConnector requires a PowerShell script with subscription admin level access required. This script also installs a complete set of required framework elements, including new dedicated event hub(s). This request is…
  • Azure Event Hub SmartConnector - Vnet Peering support

    Currently, the Event SmartConnector requires a Vnet gateway to export data from the Micro Focus Azure-based Function Applications running the SmartConnector out to a Syslog-NG connector. This request is for those organizations that are looking to run…
  • CEF/ESM Schema extension to support cloud solutions

    CEF standard was developed ages ago. Nowadays, there are so many cloud-based log sources which require additional fields. Most of the time we use custom/flex strings, but the number of those are limited and it becomes a mess to maintain all of these across…
  • Support for Kafka & Azure

    Please provide details on ArcSight's support for Kafka and Azure Event Hub platforms.
  • Design Arcsight solution on Azure

    Hi, I have to install a simple Log Management solution on Microsoft Azure tenant. Below the data flow: Log Server --> SmartConnector -->Logger It's my first time on Azure and I'm not an expert about it. These are my doubts about the availability of the…
  • Azure Log Integration for ArcSight - Multiple JSON parsers?

    Hello, While following the documentation for Azure log integration with SIEM ( link ), I've created a JSON connector and added the AzureRM json parser. This works great, but RM only parses the Resource Manager itself. I've wanted to make sure that, next…
  • Av.EPS for cloud data sources (AWS VPC Flowlogs, S3 Access logs, Azure Activity, Azure NSG Flowlogs)

    All, Apologies if this question has been asked before. I did perform a search prior to posting and my search did not return any result. I am currently tasked with onboarding AWS VPC Flowlogs, AWS S3 Access logs, Azure Activity/Audit logs, and Azure NSG…
  • Multiple Logins

    Hi, Can someone share/suggest a rule for logins onto an application? Appreciate your suggestions!
  • New O365 SmartConnector Stopped Working

    Hello everyone, I deployed the new Microsoft O365 SmartConnector (version 7.2.3.7789 running on Windows Server 2012 R2) that uses the new Activity API about 3 weeks ago. I was able to configure it successfully and we were receiving Azure Active Directory…
  • phonefactor.sdkrfilereader.properties

    Microsoft Azure MultiFactor Authentication connector (previously known as PhoneFactor).