A clarification is provided on why the Galaxy Threat Acceleration Program Connector binaries are having issues when connecting to the Threat Acceleration server
Environment
ArcSight SmartConnector (Connector) 8.X.X
Situation
During…
An explanation is provided for the message "This report layout is not suitable for the Raw Text format output. This report does not contain any grid." for Logger reports that generate CSV files
Environment
ArcSight Logger 7.X.X Software…
Some clarifications are provided some of the files that may be found inside of the agentdata folder/directory of a SmartConnector
Environment
ArcSight SmartConnector (Connector) 8.X.X
Situation
There is a confusion about the meaning…
Some suggestions are provided whenever a set of pods are shown on the Evicted status
Environment
ArcSight Platform 2X.X.X with any of the below capabilities:
Fusion/Core
Transformation Hub
SOAR
Recon
Intelligence
Situation…
This issue is part of KM000008641.
Environment
ArcSight SOAR 3.11.0
Situation
The SOAR UI displays a license error, as shown in the screenshot below:
After following the instructions in KM000008641, the issue was not resolved…
This article provides the steps for doing the integration of the Palo Alto Cortex XSOAR platform with ArcSight ESM
Environment
ArcSight Enterprise Security Manager (ESM) 7.X.X Software and Appliance Form Factor
Situation
As part of…
This article provides the steps for doing the integration of the Palo Alto Cortex XSOAR platform with ArcSight Logger
Environment
ArcSight Logger (Logger) 7.X.X Software and Appliance Form Factor
Situation
As part of a new requirement…
This KM described how to address the issue ArcSight LoadBalancer unable to start after upgraded from version 8.4.0 to version 8.4.6 and higher due to the node version mismatch.
Environment
ArcSight LoadBalancer 8.4.0 upgrade to 8.4.6 and…
ArcSight FlexConnector Regex Folder File does not read logs in real time as logs are updating. Solution is to use “ArcSight FlexConnector Regex File” instead of “ArcSight FlexConnector Regex Folder File” and configure preservestate=true and startatend…
Environment
ArcSight Enterprise Security Manager (ESM) all version
Situation
Checking apache's version and other components' version such as Tomcat, MySQL, PostgreSQL for CVE investigation purpose or confirm version after upgrading.
Read full…
Process 'apache' Execution failed due to port 443 is already in use and need to be stopped completely before starting it
Environment
Logger software 7.x
Situation
Process 'apache' Execution failed. Stop and start the service seperately…
After a Logger appliance OS has been upgraded to RHEL 8.8, the root password cannot be changed
Environment
Logger L7700 OS upgrade from RHEL 7.9 to 8.8
Situation
After a Logger appliance OS has been upgraded from RHEL 7.9 to RHEL…
Logger's configurations are not restored after restoring config backup due to the restore procedure is not able to decompress them due to a missing RHEL 8.8 required parameter
Environment
Logger L7700 appliance running on RHEL 8.8 Software…
Configuring the arcsight service startup behavior require to use chkconfig tool to modifying startup mode. However installing chkconfig may face “Error unpacking rpm package” issue due to the system is unable to create the symbolic link for the installation…
A workaround is presented when the "itom-vault" is in a CrashLoopBackOff status and most be recovered using a backup
Environment
ArcSight Platform cluster 2X.X.X
Situation
The "itom-vault" pod is in a CrashLoopBackOff status.
Find…
Error message appears in the connector agent.log [ERROR][default.com.arcsight.agent.loadable._DOSProtector][run] Field [requestUrl] truncated to [http://<longURLmessage>] (message=3531, rawEvent=279, requestUrl=159809)
Environment
Connector…
Some steps are shared on how to verify if a Connector is dropping events
Environment
ArcSight SmartConnector (Connector) 8.X.X
Situation
As part of an audit process, it must be checked if a Connector or Connectors are dropping events…
Some clarifications are provided regarding the internal users "mysql.session" and "mysql.sys" which are present in the MySQL database of ESM
Environment
ArcSight Enterprise Security Manager (ESM) 7.X.X
Situation
As part of an audit…
This KM described how to fix the issue runagentsetup script not able to start in SmartConnectors.
Environment
SmartConnector version 8.x Windows Server 2022
Situation
The script runagentsetup executed but nothing happened. SmartConnectors…
Dear community member,
Our threat Intelligence solutions are integrated with VirusTotal's portal. When you find an asset you are responsible for reporting malware or malicious activity, you can trigger a false positive reporting process implemented…
A workaround is presented on how to find zombie processes that may be blocking the execution of the runagentsetup script of a Connector
Environment
ArcSight SmartConnector (Connector) 8.X.X
Situation
When executing the runagentsetup…
This KM will demonstrate how to resolve the error "error while loading shared libraries: libaprutil-1.so.0: cannot open shared object file: No such file or directory" when running the command `./httpd -v` on ESM.
Environment
Any version…
This article provide instruction how to turn off asset auto-creation to avoid heavy performance on ESM
Environment
ESM 7.2 and above
Situation
ESM encounters heavy performance issue as in server.log, the below error is repeated.
…
Environment
ArcSight Enterprise Security Manager (ESM) 7.x
Situation
All the reports in our ESM has stopped archiving even though the reports are scheduled and the archiving folder path is configured.
From server.log:
[ERROR][default.com…
Observed the error message in loadbalancer.log which related to the destination monitoring. [ERROR][Load Update Thread 111][com.arcsight.lb.monitoringPerf.b][login] - Please check the credentials for Connector tcp-syslog-connector-1 Error Message [; nested…