The most recent OS update for the Arcsight 7700 (HPE G10) appliance includes firmware updates for the system BIOS and iLO, but not for additional system deices like the RAID controller, HDDs and other installed hardware. Please provide the latest firmware…
Environment
ArcSight ESM version 7.7
Situation
1. While testing outgoing email using the internal SMTP server in the manager setup, the email could not be sent to the destination mailbox.
2. Set `email.debug=true` in the `/opt/arcsight/manager…
Course|ID: 3-7305-241
Overview
This course covers how to plan and install ArcSight ESM in Compact and Distributed Mode. You will also learn how to install and configure SmartConnectors, Forwarding Connectors, Syslog Connectors, customize ESM and the…
This Instructor-led 5-day class is an introductory course you learn how to use the ArcSight console and ArcSight Command Center to monitor security events, configure ESM, manage users, and manage ESM network intelligence resources. You will also be introduced…
A resource is reporting and issue and stop working because cause by Duplicate entry 'xxxxxxxx' for key 'arc_res_localid_uk'
Environment
ESM 7.x
Situation
A resource is failing and error is Duplicate entry 'xxxxxxx' for key 'arc_res_localid_uk…
That would be great to adapt additional data mapping from ESM on other than ESM destination, as this one is used only for AUP updates with events filtered out when ArcsightPlatform Transformation Hub does the event transport.
ArcSight Threat intelligence Feed or GTAP suddenly stops sending logs to the ESM server, even though the connector status shows as running. When I check the logs, only the connector statistics are displayed. I attempted to reinstall it, but I couldn't…
Hi Team,
I am receiving following error message when I try to login ArcSight Command Center using SAML2 authentication
ERROR Jetty9ThreadPoolForServer-5345 net.sf.j2ep.ProxyFilter - Incoming method could not be handled net.sf.j2ep.factories.MethodNotAllowedException…
Issue occurred when I updated the CA for Logger which stopped the SmartConnectors from forwarding to the Logger receivers, this was fixed and are now working, however I have a forwarder to ESM which has stopped working, how do I update ESM keystore to…
Hi Team,
I'm getting an HTTP 405 error message, and it seems the assertion URL for Entra ID is incorrect after setting up the External SAML2 authentication method. Can someone help me identify the correct assertion URL for External SAML2 authentication…
Hello everyone,
I'm trying some configurations where I need the SOAR to use local files and send it to some other parties by mail.
Is that possible ?
Best Regards,
Marty
I have an XML file for the SAG Alliance Gateway, and I'm using an XML flex connector to process it. The connector works, but I'm having trouble with a nested element in the XML. Specifically, I need to extract the value of "RequestRef" using XPath, but…
Hello everyone !
Could you please help me with ideas for a problem I'm currently facing.
In our company, we just integrated the SOAR platform. And there are a bunch of tasks that we'd like to automate land the first one is sending the reports to…
Hi Team,
Can you please add the secondary contact information to the SMAX Person Record, So that if we can't reach to the customer via primary contact details we can use the secondary contact. And also please enable that secondary contact details for…
Hello
Need your help
In ArcSight ESM, the time is incorrectly displayed in the Manager Receipt Time field (one hour behind). This problem is global and is present on all connectors (the time is correct on the connectors).
I am interested in your…
Hello
I have a more theoretical question regarding the operation of the console: the start time and end time values of the event in the system match. It is right? Is it possible that something is configured incorrectly?
Thanks in advance
Bohd…
Hello, I think from the title it is already clear what I need your help with.
I'm relatively new to this field and ArcSight, so I'm really hoping you can
point me to some text or video resources detailing how to connect a feed
base to ArcSight…
Hi Team,
When installting ArcSight ESM 7.6.4 in Redhat 8.10. we are getting below error. kindly help and suggest.
Fatal errors encountered. Could not proceed. Please check the following logs for more detail: /opt/arcsight/var/logs/misc/firstbootsetup…
Hello guys, I would need your help for a situation we recently observed. For a same device, we observe two different Device Vendor. But the format of the logs is quite the same. Here are the raw logs: <86>May 13 10:20:00 BFBFEIGAAPZP01 sshd[2219]: Invalid…
Hi Team,
We're using arcsight SIEM & SOAR for last 6 years & 1 year respectively. We need to integrate Mail Marshal which is used as email gateway security in our organization. Kindly consider integrating the device with SOAR asap. We also can project…
The Scheduled Jobs viewer in the ESM Console will show most of the needed information on the summary screen, but you have to click on an individual job to see the execution time. When you have hundreds of jobs this would be more beneficial on the summary…
Hi Team, Please ensure to parse these azure traffic logs on the next version of arcsight azure event hub smart connector. Currently the logs are just placed under the message field and not parsed properly. Please let us know when this has been done 1…
Dears, How to know what is the healthy thread count for the ESM and the Agents?
We have the next values in server.properties:
- agent.threads.max=437
- serverletcontainer.jetty311.threadpool.maximum=674
However, the active thread count is always…