Hi Team,
We're using ArcSight SIEM & SOAR for the last 6 years & 1 year respectively. We need to integrate Mail Marshal, which is used as email gateway security in our organization. Kindly consider integrating the device with SOAR asap. We also can project…
Allow Classification using scope value matches regex and scope value does not match regex. This ability is used for other functionality and filters in SOAR.
Hello Team
SOAR does not work with FortiGate Multi-VDOM environment.
Currently SOAR only adds IP addresses or URLs to the root VDOM on FortiGate. This is a limitation. Our organisation
It is an important feature to have
Kindly take it as a priority …
SOAR Case Search Scope Item Value Operators allow for contains, not contains in subnet and not in subnet. This feature would allow for more precise search operators such as Equals. Currently our IPS feeds events to SOAR and has Blocked or Would be Blocked…
In SOAR you can create search filters for viewing cases. The filters are unique per user and do not allow sharing among other users. This feature would allow filters to be created per user or be able to share filters with other users or users in the…
Hello Opentext,
FortiGate Multi-VDOM environment is not compatible with SOAR.
At present, SOAR only appends IP addresses or URLs to the root VDOM on FortiGate, presenting a significant limitation.
Our project integrating SOAR with FortiGate is currently…
Hello Opentext,
SOAR does not work with FortiGate Multi-VDOM environment.
Currently SOAR only adds IP addresses or URLs to the root VDOM on FortiGate. We are currently stuck with the project on SOAR-FortiGate integration and support confirmed to us that…
SOAR should support integration with Bluecoat Proxy SG version 7.3, as the last supported version shows 6.6, which is too old as compared to the latest version.
I have a question about "SCHEDULED PLAYBOOKS" (RESPOND > Playbooks > SCHEDULED PLAYBOOKS). I would like to create a playbook that runs on a regular basis. Is the above "SCHEDULED PLAYBOOKS" the only way to achieve this?
Is it possible to create a playbook…
Hello Team
SOAR does not work with FortiGate Multi-VDOM environment.
Currently SOAR only adds IP addresses or URLs to the root VDOM on FortiGate. This is a limitation. We are stuck with the project on SOAR-FortiGate integration and support confirmed to us…
There are several parsers that parse file hashes to the CEF fileHash field. The parsers in some examples, i.e. McAfee ePO, concatenate a text string along with the File Hash and write to the fileHash field. The McAfee ePO parser has the same behavior when…
When looking to get say a filter condition to pass as a condition to the API of the Integration, dynamic values that are pulled from either a list or API query call to the application. In some situations, these would be very dynamic and ever-changing. Currently…
Please consider building an ArcSight architecture for SMBs - ESM4SMB
Unified architecture based on ESM with up to 25000 EPS (ESM4SMB), including 1. Based on ESM platform make licensing difference for correlation (ex ESM) and logging (ex logger) (A key…
Currently in the new reporting suite, you cannot control the folders that users have access to.
If a user has read permissions to reporting, then they currently have access to every report and dashboard in the system.
Proposal - Enable the functionality…
Until ArcSight Platform 2021 the SOAR capability was distributed with a separate image, but from 2022 it's embedded in the Fusion image. This means that a customer who wants to simply install Transformation Hub is obliged to install SOAR also. As it seems…
Cisco SecureX integrated with AMP to provide endpoint risk investigation and isolation capability. This request is to ask ArcSight Respond to integrate with Cisco SecureX through API to extend entity investigation and threat response.
We have integrated SOAR 3.2 to FireEye HX for enrichment purposes.
Currently FireEye HX enrichment supports only three capabilities. We need additional capability for FireEye HX enrichment "Containment".
Right now the user has to enter the UI to pin an enrichment to a case. Is it possible to have a playbook do this so when an analyst checks the ticket it is right in front of them?
We have a customer who would like to change email notification from basic authentication to OAuth 2.0 on ArcSight SOAR. We found this is not supported currently. Is it possible to have this feature?
Customers usually need to protect applications' web access like SOAR, Intelligence, ESM CC with their own certificates enrolled by a corporate CA. Usually, when performing such operations, customers are allowed to produce a certificate request for the…
Please review the ARB file in the "ArcSight_SOAR_Build_Guide_Content.7z" file in the "ArcSight SOAR "from the ground up" Build Guide" and add this to the ESM Default Content or publish this on the ArcSight Marketplace. This will make it much easier for…
Hi
Micro Focus support has confirmed that there is a limitation on the forwarding connector on the fields it can populate. For example, we have a forwarding connector that is writing correlated alerts to a csv file destination with the following…