• Provide all recommended firmware updates for Arcsight Appliances

    The most recent OS update for the Arcsight 7700 (HPE G10) appliance includes firmware updates for the system BIOS and iLO, but not for additional system devices like the RAID controller, HDDs and other installed hardware. Please provide the latest firmware…
  • Knowledge Document: ESM cannot send email to the Google service domain

    Environment ArcSight ESM version 7.7 Situation 1. While testing outgoing email using the internal SMTP server in the manager setup, the email could not be sent to the destination mailbox. 2. Set `email.debug=true` in the `/opt/arcsight/manager…
  • Updated ArcSight ESM Advanced Administrator course

    Course ID: 3-7305-241 Overview This course covers how to plan and install ArcSight ESM in Compact and Distributed Mode. You will also learn how to install and configure SmartConnectors, Forwarding Connectors, Syslog Connectors, customize ESM and the…
  • Updated ArcSight ESM Administrator and Analyst course

    This Instructor-led 5-day class is an introductory course in which you learn how to use the ArcSight console and ArcSight Command Center to monitor security events, configure ESM, manage users, and manage ESM network intelligence resources. You will also be introduced…
  • Knowledge Document: Problem with duplicate entry arc_res_localid_uk in ESM

    A resource is reporting an issue and stops working because of Duplicate entry 'xxxxxxxx' for key 'arc_res_localid_uk' Environment ESM 7.x Situation A resource is failing and the error is Duplicate entry 'xxxxxxx' for key 'arc_res_localid_uk…
  • Adapt additional data mapping for TH architecture

    That would be great to adapt additional data mapping from ESM on other than ESM destination, as this one is used only for AUP updates with events filtered out when ArcsightPlatform Transformation Hub does the event transport.
  • ArcSight Threat Intelligence Feed/Galaxy SmartConnector

    ArcSight Threat intelligence Feed or GTAP suddenly stops sending logs to the ESM server, even though the connector status shows as running. When I check the logs, only the connector statistics are displayed. I attempted to reinstall it, but I couldn't…
  • ERROR Jetty9ThreadPoolForServer-5345 net.sf.j2ep.ProxyFilter - Incoming method could not be handled net.sf.j2ep.factories.MethodNotAllowedException: Status code 405 from server

    Hi Team, I am receiving following error message when I try to login ArcSight Command Center using SAML2 authentication ERROR Jetty9ThreadPoolForServer-5345 net.sf.j2ep.ProxyFilter - Incoming method could not be handled net.sf.j2ep.factories.MethodNotAllowedException…
  • Logger communication to ESM disrupted due to CA update

    Issue occurred when I updated the CA for Logger which stopped the SmartConnectors from forwarding to the Logger receivers, this was fixed and are now working, however I have a forwarder to ESM which has stopped working, how do I update ESM keystore to…
  • External SAML2 Authentication - ArcSight Command Center WebUI

    Hi Team, I'm getting an HTTP 405 error message, and it seems the assertion URL for Entra ID is incorrect after setting up the External SAML2 authentication method. Can someone help me identify the correct assertion URL for External SAML2 authentication…
  • Report on total security event collected for a month

    How can I generate a weekly or monthly report on the total number of security events collected from all connectors in ArcSight ESM?
  • Is it possible to make the SOAR use local server files ?

    Hello everyone, I'm trying some configurations where I need the SOAR to use local files and send it to some other parties by mail. Is that possible ? Best Regards, Marty
  • use regex in xml xpath flex connector | help in xpath and xquery

    I have an XML file for the SAG Alliance Gateway, and I'm using an XML flex connector to process it. The connector works, but I'm having trouble with a nested element in the XML. Specifically, I need to extract the value of "RequestRef" using XPath, but…
  • Downloading Arcsight reports with the SOAR

    Hello everyone! Could you please help me with ideas for a problem I'm currently facing. In our company, we just integrated the SOAR platform. And there are a bunch of tasks that we'd like to automate, and the first one is sending the reports to…
  • Adding Secondary Contact information to the Person Record in SMAX

    Hi Team, Can you please add the secondary contact information to the SMAX Person Record, So that if we can't reach to the customer via primary contact details we can use the secondary contact. And also please enable that secondary contact details for…
  • Manager Receipt Time field has wrong time

    Hello Need your help In ArcSight ESM, the time is incorrectly displayed in the Manager Receipt Time field (one hour behind). This problem is global and is present on all connectors (the time is correct on the connectors). I am interested in your…
  • ArcSight Console: start time/ end time of event are similar

    Hello I have a more theoretical question regarding the operation of the console: the start time and end time values of the event in the system match. Is it right? Is it possible that something is configured incorrectly? Thanks in advance Bohd…
  • Adding a feed database to ArcSight (on the example of AlienVault OTX)

    Hello, I think from the title it is already clear what I need your help with. I'm relatively new to this field and ArcSight, so I'm really hoping you can point me to some text or video resources detailing how to connect a feed base to ArcSight…
  • ArcSight ESM 7.6.4 Installation Error

    Hi Team, When installing ArcSight ESM 7.6.4 in Redhat 8.10, we are getting the below error. Kindly help and suggest. Fatal errors encountered. Could not proceed. Please check the following logs for more detail: /opt/arcsight/var/logs/misc/firstbootsetup…
  • Device Vendor = IBM / Device Product AIX Audit

    Hello guys, I would need your help for a situation we recently observed. For a same device, we observe two different Device Vendor. But the format of the logs is quite the same. Here are the raw logs: <86>May 13 10:20:00 BFBFEIGAAPZP01 sshd[2219]: Invalid…
  • All monitor device is ambiguous

    All monitor device is ambiguous. Need to develop in such a way that we can easily monitor the end device integrated with ArcSight.
  • Request for Inclusion of Email Gateway Security Device Mail Marshal in SOAR automation/Blocking

    Hi Team, We're using arcsight SIEM & SOAR for last 6 years & 1 year respectively. We need to integrate Mail Marshal which is used as email gateway security in our organization. Kindly consider integrating the device with SOAR asap. We also can project…
  • Add execution time to Jobs view in ESM Console

    The Scheduled Jobs viewer in the ESM Console will show most of the needed information on the summary screen, but you have to click on an individual job to see the execution time. When you have hundreds of jobs this would be more beneficial on the summary…
  • Fix Azure Event Hub firewall Logs that is not properly parsed

    Hi Team, Please ensure to parse these azure traffic logs on the next version of arcsight azure event hub smart connector. Currently the logs are just placed under the message field and not parsed properly. Please let us know when this has been done 1…
  • Healthy ESM Thread Count

    Dears, How to know what is the healthy thread count for the ESM and the Agents? We have the next values in server.properties: - agent.threads.max=437 - serverletcontainer.jetty311.threadpool.maximum=674 However, the active thread count is always…