• Guidance on Implementing Data Enrichment through Third party threat intelligence Integration in ArcSight

    I am working on a use case to integrate Third party threat intelligence with ArcSight. The goal is to accomplish the following tasks: SIEM Data Enrichment Ingest raw log events into ArcSight. Create empty lookup files in ArcSight for each IOCs…
  • Logger Cache

    Hi Community, I was hoping I could get some assistance regarding a cache issue. It seems as if events have been cached on ArcMC and have not reached the logger pool and only the ESM. Am I able to retrieve these logs and get them restored to the pool…
  • Logger 7.2 Invalid Session Id

    Hello team, We have faced some issue on the Logger. Logger version is 7.2 and software. When I try free search I faced "Encountered an error while executing the search [sessionId: 2000001]" and search is not running. I checked search dashboard but…
  • Unable to load JDBC driver mysql

    Hi, I'm trying to get an ArcSight SmartConnector (FLEX) to connect to a MySQL database to pull some data from a table. I have followed the guide from the FlexConnector ev guide, and copied the latest release of the MySQL jdbc driver to the /opt/arcsight…
  • Arcsight Logger 7.2 backup restore not working

    Hello, We have arcsight software logger version 7.2 configured for scheduled backup and it is working fine. While we were testing the backup restore it accepted the backup file and completed the process, but after the logger restarted we found that the…
  • ArcSight Logger low EPS IN

    Hi all, My arcsight logger is currently having low EPS IN. I have actually rebooted the logger as well as carried out defragmentation. However, the results are still the same. My Smart Connectors which will be sending the logs to the logger are all…
  • Arcsight logger appliance L7700 process status showing Connector not monitored.

    Hi all, Smart Connectors Logs are cached and not sending logs to ArcSight Logger Destination, In the ArcSight logger appliance L7700 process status showing Connector not monitored. Please help!!
  • ArcSight Logger Appliance L7700 - Arcsight_data_XXX files delete

    Hi Team, Can you assist me in deleting Arcsight_data_XXXX Files from the folder /opt/data/logger/ since these files have consumed 100% of all the available 26T disk space. I got to know these files will be recycled by Application however I need to perform…
  • Arcsight Logger SSHD

    Hi, I'd received my logger appliances and realized that my arcsight_sshd always automatically switches off a few seconds after I start it. I had to run "service arcsight_sshd start" and immediately access the ssh before it switches off again. It happens…
  • Event Connector name in Logger

    Events in Logger database have aid or agentId field which contains Connector id. But Connector id is not useful for admin tasks. For example, when I need to find connector in the ArcMC I need its name but not id. How to determine what is name of the…
  • Can't access Reports page. I get a session expired message. How can I fix this?

    Everything else works fine. I can access the Summary, Analyze, Dashboards, Configuration and System Admin pages just fine. All my other colleagues can access the Reports page, only I can't. I tried changing browser, deleting and recreating my user profile…
  • Retrieve .evtx file automated to ArcSight

    I want to pass the .evtx file from (Boldon James data classifier) to ArcSight to make analysis "automatically", though what kind of events Arcsight focuses on it. and make all the processes automated so Arcsight can read it without errors? kindly can…
  • ArcSight logger database error

    Hi, a few days ago I've been having problems with searches in the logger giving an error: example: Error: Encountered an error while executing the search from db: Communications link failure due to underlying exception: ** BEGIN NESTED EXCEPTION **…
  • My ArcSight Logger 6.7 in running query and web loading is very slow and heavy!

    Hi everybody I have an ArcSight Logger 6.7.1.8253.0 with below details specifications: EPS In ~ 9000 EPS Out ~ 10000 Total count of Enable receivers = 12 Total count of Active receivers = 10 Count of ESM Destinations = 2 Count of Forwarders (ESM) = 2…
  • SMTP port other than TCP 25 on ArcSight Logger and ESM or ArcMC

    Hi, I have new SMTP server which uses port TCP 587 but after I have tested something on Logger, it's not successful yet. This is what I tested: Logger - 6.5.1. I tried to configure it on System Admin and Reports tab but it on System Admin -> System -> SMTP…
  • Parsing logs received from another SIEM

    Hi everyone, I'm a beginner in the arcsight solution. I'm looking for a method to parse all logs (DB, WEB, ...) arriving from another SIEM (ELK) in syslog format. I cannot install arcsight agent in source machines directly. My question is: Is it possible…
  • Logger 6.4.1 Reports Error 35002 For input string: "null"

    Hi, anyone else getting error 35002 For input string: "null" when trying to open a report that has been run adhoc in background on the Logger 6.4.1 version? We are getting this error on two of our Loggers that we updated. I have created a support…
  • Unable to load web user interface

    I tried to connect using direct connect to eth3 with the IP address given by my customer but I am unable to load the web UI. Can anyone advise what could be the issue? I already configured my network with a dummy IP and configured it to the same subnet.
  • Previous run still in execution error

    Hi, We have Arcsight Logger version 6.1.0 and when we check it uses 0 cpu on the GUI and the EPSs are zero. When I check the logger_server.log I see that "[ERROR][RRDUpdaterJob][execute][DefaultQuartzScheduler_Worker-7] Previous run still in execution…
  • How to include SmartConnector syslog destination

    I configured destination of remote syslogd with CEF Syslog connector. At the syslogd I am getting invalid syslogd format; when I did tcpdump I see only CEF payload without syslog wrapper. E.g.: CEF:0 ..................... Instead: Sep 10 15:19:01 host CEF…
  • Searching Subnets

    Hi, Would like to ask a question: How do we search for IP addresses in Arcsight Logger? i.e. deviceProduct = ASA and sourceAddress contains x.x.x.x/20 which would find any source addresses in the /20 range. Thanks! Kevin
  • Arcsight logger 6.11 postgresql service not starting

    Hi, Encountered this issue recently so thought would share it: Arcsight Logger 6.11 on RHEL 6.7 The output of watch -n 1 service arcsight_logger status shows postgresql service 'Execution Failed' The output of tail -f /opt/arcsight/logger/userdata/logs…
  • Unable to Install ArcSight Logger in VMware

    I downloaded a tar file (ArcSightESMSuite-6.9.1.2022.0.tar), untarred it and then tried to install the ArcSight logger from the logger subdirectory in one VM where I had installed CentOS 7.x in the VMware Environment (I was not able to get the OVF file…
  • arcsight logger retention - File deletion

    What we did created some space in Logger. Previously we had 365 days of online log retention. We have changed to 180 days, so in Logger Dashboard I am able to see that Logger created free space, but when I am checking from CLI (command line) it is showing me the…
  • Connector for Windows nested events

    Hi, I would like to know whether WUC or Windows Native connector supports collecting nested events from Windows hosts? I specifically mean the DNS Analytic logs in the event viewer on Windows 2012 R2 server. Path: "Event Viewer->Applications and Services…