This article provides the steps for integrating the Palo Alto Cortex XSOAR platform with ArcSight ESM
Environment
ArcSight Enterprise Security Manager (ESM) 7.X.X Software and Appliance Form Factor
Situation
As part of…
This KM describes how to address the issue of ArcSight LoadBalancer being unable to start after an upgrade from version 8.4.0 to version 8.4.6 and higher, due to a node version mismatch.
Environment
ArcSight LoadBalancer 8.4.0 upgrade to 8.4.6 and…
ArcSight FlexConnector Regex Folder File does not read logs in real time as the logs are updated. The solution is to use “ArcSight FlexConnector Regex File” instead of “ArcSight FlexConnector Regex Folder File” and configure preservestate=true and startatend…
Environment
ArcSight Enterprise Security Manager (ESM) all versions
Situation
Checking the versions of Apache and other components such as Tomcat, MySQL, and PostgreSQL, for CVE investigation purposes or to confirm versions after upgrading.
Process 'apache' Execution failed because port 443 is already in use; the process needs to be stopped completely before starting it
Environment
Logger software 7.x
Situation
Process 'apache' Execution failed. Stop and start the service separately…
After a Logger appliance OS has been upgraded to RHEL 8.8, the root password cannot be changed
Environment
Logger L7700 OS upgrade from RHEL 7.9 to 8.8
Situation
After a Logger appliance OS has been upgraded from RHEL 7.9 to RHEL…
Logger's configurations are not restored after restoring a config backup because the restore procedure is unable to decompress them, due to a missing parameter required by RHEL 8.8
Environment
Logger L7700 appliance running on RHEL 8.8 Software…
Configuring the arcsight service startup behavior requires using the chkconfig tool to modify the startup mode. However, installing chkconfig may fail with an “Error unpacking rpm package” issue because the system is unable to create the symbolic link for the installation…
Learn how to use the ArcSight console and ArcSight Command Center to monitor security events, configure ESM, manage users, and manage ESM network intelligence resources. You will also be introduced to triaging and resolving cases with ArcSight SOAR. …
3-7305 - ArcSight ESM Advanced Administrator - On Demand
On Demand Courses are valid for 30 days and can be purchased directly using your credit card. Hands-on Labs are provided when you purchase an individual self-paced course; as a subscription user you…
A workaround is presented for when the "itom-vault" is in a CrashLoopBackOff status and must be recovered using a backup
Environment
ArcSight Platform cluster 2X.X.X
Situation
The "itom-vault" pod is in a CrashLoopBackOff status.
Find…
The following error message appears in the connector agent.log: [ERROR][default.com.arcsight.agent.loadable._DOSProtector][run] Field [requestUrl] truncated to [http://<longURLmessage>] (message=3531, rawEvent=279, requestUrl=159809)
Environment
Connector…
Some steps are shared on how to verify if a Connector is dropping events
Environment
ArcSight SmartConnector (Connector) 8.X.X
Situation
As part of an audit process, it must be checked if a Connector or Connectors are dropping events…
Some clarifications are provided regarding the internal users "mysql.session" and "mysql.sys" which are present in the MySQL database of ESM
Environment
ArcSight Enterprise Security Manager (ESM) 7.X.X
Situation
As part of an audit…
This KM describes how to fix the issue of the runagentsetup script not being able to start in SmartConnectors.
Environment
SmartConnector version 8.x Windows Server 2022
Situation
The script runagentsetup executed but nothing happened. SmartConnectors…
A workaround is presented on how to find zombie processes that may be blocking the execution of the runagentsetup script of a Connector
Environment
ArcSight SmartConnector (Connector) 8.X.X
Situation
When executing the runagentsetup…
This KM will demonstrate how to resolve the error "error while loading shared libraries: libaprutil-1.so.0: cannot open shared object file: No such file or directory" when running the command `./httpd -v` on ESM.
Environment
Any version…
This article provides instructions on how to turn off asset auto-creation to avoid a heavy performance impact on ESM
Environment
ESM 7.2 and above
Situation
ESM encounters a heavy performance issue; in server.log, the error below is repeated.
…
Environment
ArcSight Enterprise Security Manager (ESM) 7.x
Situation
All the reports in our ESM have stopped archiving even though the reports are scheduled and the archiving folder path is configured.
From server.log:
[ERROR][default.com…
An error message related to destination monitoring was observed in loadbalancer.log. [ERROR][Load Update Thread 111][com.arcsight.lb.monitoringPerf.b][login] - Please check the credentials for Connector tcp-syslog-connector-1 Error Message [; nested…
Environment
ArcSight Logger version X
Situation
There is no limitation on the number or type of receivers, or their maximum throughput. However, adding more than 40 to 50 receivers may affect performance. A high incoming event rate and large event…
This article describes the process for using parser overrides on a given connector. It applies to users who already have the zip file that contains the parser override.
Environment
ArcSight SmartConnector all versions
Situation
This…
Error 'Unable to validate Event Hub names' occurs while deploying the Microsoft Azure Event Hub Connector because the IAM role has not been assigned to the application in the Event Hubs Namespace
Environment
SmartConnector version 8.4.x
Situation
Error…
Environment
ArcSight ESM version 7.7
Situation
1. While testing outgoing email using the internal SMTP server in the manager setup, the email could not be sent to the destination mailbox.
2. Set `email.debug=true` in the `/opt/arcsight/manager…