Hello.
I've tested many options from other articles on this topic, but I still haven't been able to solve this problem.
My flex connector parses events where the entire text in Ukrainian looks like this when output to the ArcSight console:
Maybe…
Hello
A file has a certain set of fields, as in the example below. These events are combined into small groups of 3-4 events (they are united by a common theme), and there is a gap between these groups for visibility.
As far as I know, the connector…
Hi
Does anyone know how to work around the problem where the flex connector does not collect events in ArcSight because they contain Cyrillic text?
P.S. Tested on working connectors, so I am 100% sure that this is the problem.
Thanks in advance…
Hi
Here's the situation: I didn't pay attention to see if this happens on all connector types, but now I'm setting up a Flex Connector Regex File and everything is working fine, however I noticed if I manually send into the file one event, they don…
Hi all
I want to return to this question again.
I managed to configure the Flex Connector Regex File so that it doesn't return regex mismatch errors, but events still don't go to the active channel.
Please take a look at my configuration file and…
Hello
I have a more theoretical question regarding the operation of the console: the start time and end time values of the event in the system match. Is it right? Is it possible that something is configured incorrectly?
Thanks in advance
Bohd…
Hello!
I have a strange issue of number of all events.
I use ESM 7.5, events come from thub filtered topic.
If I see the Command Center license usage, it shows approx. 451 million events, which is abnormal, very high.
If I see the Command Center…
Hello,
I'm working with an already integrated arcsight system.
I need to know, if possible, whether there is a basis or documentation available that outlines the triage/prioritization of Office 365 events in ArcSight?
Thank you
Hello, I have noticed that my events are duplicated (they are identical). Where should I look to repair this? I am using Windows native connectors connected to the Logger, and from the Logger events are forwarded to the ESM. Thank you.
Hi All, I am sharing my Flex for Centrify. I also opened a ticket with ArcSight a year ago to have this added to the list of CEF Connectors, and still no updates Ticket: SD02349662 - Feature Request: CON-21924 So posting it here for the benefit of everyone…
Hello! I have some problems with ArcSight ESM. ArcSight cuts off some of the values in the fields. But this does not happen all the time. The conversation will be only in the context of a single source of events. For example. First event --> DeviceProduct…
I've got an unusual issue with our instance of ArcSight (it's quite old 6.9.1c Patch 2 version). I've tried to create a rule for each first event, that contains a logon (or failed logon) to AD of any user. So first I've created a filter that catches all…
I wanted to know if anyone has ever been successful matching two active list fields (one key and one non-key) to one event field for a report. In a nutshell, if I have an active list showing domain location and domain name(mapping to attacker or target…
Hi, I have a requirement where I am required to separate data of two customers stored on a single logger. Since separating entirely won't be possible, I am working to just copy the data of one client on to the other logger. I went through data migration…
Hello, I was wondering if it is possible to display differences in logs via a dashboard? Kinda like a trend in which you can check if specific events are not sent in the e.g. last 1 hour.
We have identified specific Exchange events we want to monitor within our environment. We want to capture- Badmail Defer Fail Poisonmessage Resolve After reading the MicrosoftExchangePowerShellConfig.pdf guide I am a bit unsure of things. Is audit logging…
Hello All, Has there been any discussion here on Protect, as to what types should be forwarded from various sources? For example, even if the source device is set for a particular logging level, what should be filtered out considering from a security…
Hi, Would like to share on the following report query which we are using to generate an arcsight report if device sources are sending logs daily: 1. Enable agent:043 health events to be sent from smart connectors to logger, set health events to be sent…
Hi All, Due to special circumstances, would like to check if it is possible to import the following into ArcSight: Windows Event Logs (evet) Oracle DB Audit Logs We have both of the logs backup and we require a way to import it into ArcSight. Any help…
Hi all, ArcSight manager is unable to load event details in the active channel. The device has enough disk space as below [root@ manager]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda3 545G 21G 497G 5% / tmpfs 127G 0 127G 0% /dev/shm /dev/sda1…
Hello, I am having some disturbing issues with the geographical location fields (as an example: Attacker Geo Longitude, Attacker Geo Latitude...) from the events in the ArcSight Express Console. The main objective is to achieve that all the events do…
I have installed syslog daemon smartconnector version 6.0.7.6901.0 on RHEL 6.1, which listens at UDP 514 for all IPs and forwards the parsed events to a UDP 514 CEF Encrypted smartconnector, and from there to ESM 6. From the time I have installed it I am only getting…
Hi all. I have this scenario: A) PRODUCTION ENVIRONMENT = 1 SmartConnector 1 Logger. Both getting events from my Firewall. B) TEST ENVIRONMENT = 1 SmartConnector 1 Logger. Both getting events from my Firewall. Situation: I'm making some tests in my "TEST…