Environment
ArcSight Platform 24.2 ESM version: 7.6.4 SOAR version: 24.2
Situation
Checking the SOAR logs showed the following exception.
1733207588.296642389,"2024-12-03T14:33:08.296642389+08:00","[2024-12-03 06:33:08.291] [ERROR] [jms-arcsight…
Some suggestions are provided for when a set of pods is shown in the Evicted status
Environment
ArcSight Platform 2X.X.X with any of the below capabilities:
Fusion/Core
Transformation Hub
SOAR
Recon
Intelligence
Situation…
This issue is part of KM000008641.
Environment
ArcSight SOAR 3.11.0
Situation
The SOAR UI displays a license error, as shown in the screenshot below:
After following the instructions in KM000008641, the issue was not resolved…
Learn how to use the ArcSight console and ArcSight Command Center to monitor security events, configure ESM, manage users, and manage ESM network intelligence resources. You will also be introduced to triaging and resolving cases with ArcSight SOAR. …
Environment
SOAR all versions
Situation
After integration is done, processing actions on these might get the message "Duplicate" because the action has already proceeded but has not yet received a response. There is a need to skip the duplication check on these integrations…
SOAR alternative capability to Send Email To Scope Item Recipients
Environment
SOAR 3.11 ArcSight Platform 24.2
Situation
The SMTP Action capability "Send Email To Scope Item Recipients" will send email with some blank fields with HTML…
"Invalid workflow template selected" issue
Environment
SOAR version 3.11
Situation
There are situations where playbook(s) need to be synced from an older version of SOAR, or downloaded from the marketplace, to a later one such as 3.11.…
This instructor-led 5-day class is an introductory course in which you learn how to use the ArcSight console and ArcSight Command Center to monitor security events, configure ESM, manage users, and manage ESM network intelligence resources. You will also be introduced…
Hello, currently I have software version of Logger, ArcMC and ESM on separate servers. If I want to use SOAR and other ArcSight Platform products, can I just set up a 4th server with CDF and then use for example this config
" example-install-config-recon…
Hello everyone, I've been trying to build a Python script through the scheduled playbook editor on the SOAR but I'm facing some difficulties: First, I checked the Python interpreter installed on it. import sys print(sys.version) 2.7.3.1-SNAPSHOT (version…
Hello everyone,
I'm trying some configurations where I need the SOAR to use local files and send them to some other parties by mail.
Is that possible?
Best Regards,
Marty
Hello everyone !
Could you please help me with ideas for a problem I'm currently facing.
In our company, we just integrated the SOAR platform. And there are a bunch of tasks that we'd like to automate and the first one is sending the reports to…
Hi Team,
We've been using ArcSight SIEM & SOAR for the last 6 years & 1 year respectively. We need to integrate Mail Marshal, which is used as email gateway security in our organization. Kindly consider integrating the device with SOAR asap. We also can project…
Hello, I already own an old integration code from the Trend Micro vendor for Deep Discovery Analyzer. I am trying to convert it, or take it piece by piece from the old code, and trying to build a plugin for ArcSight according to the desired structure in the documentation below. An…
I use ESM as the Alert Source for SOAR, but the rule in ESM triggers only when the same source Address and URL occur 1000 times within 24 hours, whereas SOAR Case triggers for every single event. Where should I adjust this?
Allow Classification using scope value matches regex and scope value does not match regex. This ability is used for other functionality and filters in SOAR.
Hello Team
SOAR does not work with FortiGate Multi-VDOM environment.
Currently SOAR only adds IP addresses or URLs to the root VDOM on FortiGate. This is a limitation. Our organisation
It is an important feature to have
Kindly take it as a priority …
SOAR Case Search Scope Item Value Operators allow for contains, not contains in subnet and not in subnet. This feature would allow for more precise search operators such as Equals. Currently our IPS feeds events to SOAR and has Blocked or Would be Blocked…
In SOAR you can create search filters for viewing cases. The filters are unique per user and do not allow sharing among other users. This feature would allow filters to be created per user or be able to share filters with other users or users in the…
Hello Opentext,
FortiGate Multi-VDOM environment is not compatible with SOAR.
At present, SOAR only appends IP addresses or URLs to the root VDOM on FortiGate, presenting a significant limitation.
Our project integrating SOAR with FortiGate is currently…
Hello Opentext,
SOAR does not work with FortiGate Multi-VDOM environment.
Currently SOAR only adds IP addresses or URLs to the root VDOM on FortiGate. We are currently stuck with the project on SOAR-FortiGate integration and support confirmed to us that…
SOAR should support integration with Bluecoat Proxy SG version 7.3, as the last supported version shows 6.6, which is too old compared to the latest version.
I have a question about "SCHEDULED PLAYBOOKS" (RESPOND > Playbooks > SCHEDULED PLAYBOOKS) I would like to create a playbook that runs on a regular basis. Is the above "SCHEDULED PLAYBOOKS" the only way to achieve this?
Is it possible to create a playbook…
Hello Team
SOAR does not work with FortiGate Multi-VDOM environment.
Currently SOAR only adds IP addresses or URLs to the root VDOM on FortiGate. This is a limitation. We are stuck with the project on SOAR-FortiGate integration and support confirmed to us…