• Manager receipt time is one hour less than the time in our time zone

    Hello. It turned out to be a problem specifically for the Linux system, that the manager receipt time is one hour less than the current time. (By Linux I mean ArcSight console installed on Ubuntu). If the console is on Windows, then there is no such…
  • ArcSight Console: start time/ end time of event are similar

    Hello, I have a more theoretical question regarding the operation of the console: the start time and end time values of the event in the system match. Is it right? Is it possible that something is configured incorrectly? Thanks in advance Bohd…
  • Device Vendor = IBM / Device Product AIX Audit

    Hello guys, I would need your help for a situation we recently observed. For a same device, we observe two different Device Vendor. But the format of the logs is quite the same. Here are the raw logs: <86>May 13 10:20:00 BFBFEIGAAPZP01 sshd[2219]: Invalid…
  • time ranges in ESM Console (+ECC) not filtering out events - clarifications needed

    Hello to Everybody, I have some issues working with time ranges in ESM Console or in ESM Command Center (by using where keyword). I would like to search for different events during a period of multiple days, but before+after working hours and I tried…
  • Loading Event... ID: ..... issue in active channels

    Hello, I have been checking for any info on this issue but all the suggestions provided (in old cases here) have not resolved this for me. I have been running ESM for several years now and this has been an issue for me with every and all versions of…
  • Syntax error during ArcSight Console Installation on Linux

    Hello there, I am trying to install the ArcSight Console 7.6 on the latest Kali distribution. The installation runs through smoothly. But as soon as I run ./runconsolsetup.sh I get the following error: Assuming ARCSIGHT_HOME: /home/arcsight/console…
  • Package framework locked by [username] for install packages?

    Hello Experts, while synchronizing the ESM DC and DR and pushing the packages between them I have this error in the Command Center. Also, if I want to export or import .arb packages, I face the same issue. Kindly, how to unlock this account?
  • import package FAILED!!

    I have two ESMs. When I export and import packages from one to another, I face this issue
  • Import csv into ActiveList with utf-8 encoding

    Hi folks, I tried to import a csv into an active list that I created. The problem is the formatting. Uncommon characters (like, ä,ñ,í,ß) are not parsed properly. We end up with strings like Neustädtische Strasse - (ä) Pascalstraße 10 - (ß) Calle…
  • Notification When A Device Stops Sending Logs To connector

    Hello, Can someone help with a rule that can be created when a device stops sending logs to a connector on Arcsight Console even when the connector is active and running
  • Arcsight Connector to send an e-mail when it is down, not in the first event, but if it continues after 15 minutes..

    How can I get the Arcsight Connector to send an e-mail when it is down, not in the first event, but if it continues after 15 minutes ? I do not want to know that normally the connector was not the down because it was up again a few minute later. I need…
  • Unable to connect to manager using Console 7.5 in FIPS mode

    No matter what we seem to do, installing Console 7.5 doesn't seem to work in our environment. We keep getting this [GC (Allocation Failure) 160536K->35106K(224768K), 0.0092859 secs] Nov 17, 2021 4:51:46 PM org.bouncycastle.jsse.provider.ProvTlsClient…
  • Changing the mail report that sent from ESM console.

    Hello, How do I change the text of the mail body that is sent with attached report from ESM console? Thanks in advance Ran
  • How to extract a specific string from "message" field in ArcSight ESM Console ?

    Hi All, in the "message" field I have a specific string (Virus Name and hash code). In the ArcSight Logger with the "rex" function, I can extract it very easily. But how can I extract this string from the "message" field in ArcSight ESM Console? I think…
  • All ArcSight ESM Console users can Chat together internally !

    Hi developers This Idea sending here Because the "Idea Page" is disabled! I think if all ArcSight ESM Console users can Chat together internally for any negotiations, that's so useful. the "Cases" resource maybe is handled this application request. BR…
  • How to Export Active List entries to the notification destination email automatically?

    Hi All, I have an Active List of many IP addresses. in this case, I want to send the entries of this active list to a destination notification group automatically by a scheduled job. How can i do this task? Best Regards, Amir
  • How can I Fix Package Importing in ArcSight ESM Console?

    Dear All I want to Import Packages from ArcSight ESM Console 7SP1 to ArcSight ESM Console 6.9SP1, But in the processes, I get below ERROR: how can I fix this problem? BR Amir
  • how to resolve and fix the "Manager Unresponsive" pop-up Notification in ArcSight Command Center?

    Hi I installed an ArcSight ESM 7.0SP1 Software with below Resources: RedHat 7.4 x86_64, 80 Core CPU, 512 GB Memory, 6 TB SSD After Raid5 Storage Also we have about 20k EPS and average 450 G/day log Retention Period (days)=30 generating report and investigation…
  • why ArcSight ESM Console Shows incorrect information "ESM Console Users Current Value = 2"?

    Dear all, I logged in to ESM console with 1 existing console user, but in the intro window after login I see the below notification: the value of the current value column is 2 but I have 1 admin user. Where is the problem? For more information please find attached…
  • ESM - Logical Operator Question

    Hello, Hopefully, this is a quick one to answer. I am rewriting a rule in the console. the rule is as follows Event1 OR AND Matches Filter X Device Custom String1 = 1 AND Matches Filter Y Device Custom String1 = 1 This equates to in the summary tab: Matches…
  • ArcSight-Console. installation file Needed !

    Hi All I need the ArcSight Console installation file for old version is there anybody share with me? BR Amir
  • ArcSight ESM and Console 6.11.0 Installer

    Hi EveryBody Is there anyone who has ArcSightESMSuite-6.11.0.xxxx.tar and ArcSightConsole-6.11 file ? I will be appreciated if someone share it. Thx
  • ESM 6.9 REST API - Is there a way to get Conditions and Actions for a specific Rule?

    Hi I want to get Conditions and Actions from specific Rule via REST API to generate a report with this information so we can compare changes and differences on each generated report. It'd be good to have the information displayed as when editing 'Rule…
  • Moving Average Question and Probably Missed Configuration !

    Hi, I created a moving average like below: Availability Interval: 15 Stats Value Field: Aggregated Event Count Value Calculation: sum of Value Group By: Target Address Sorted By: Percent Change Alarm Change Threshold: 150% Number of Samples: 50 Number…
  • Use Case: Be alerted when event viewer is opened - Help

    Hello, I wish to find out when a user views/deletes/modifies the event viewer. I thought that this could be a pretty common use case and was wondering if anyone has any experience with this already? Just looking for starting points and any tips. Regards…