• JSON parser

    Hi, your help is needed. I came across this JSON event format: { "results": [ { "id": "667e8d33156b6c38232c9043", "name": "SQL Injection attack (S3)", "description": "SQL Injection attack hitting the server at HTTPS. Same IP should not appear more…
  • Regex File Flex Connector for JSON events Again

    Hi all I want to return to this question again. I managed to configure the Flex Connector Regex File so that it doesn't return regex mismatch errors, but events still don't go to the active channel. Please take a look at my configuration file and…
  • How ArcSight FlexConnector JSON Multiple Folder Follower works

    Hello. Please explain to me how the JSON Multiple Folder Follower Connector works I am interested in real-time file monitoring. For now, I'm training on an artificially generated file and artificially generated JSON events. When I start the connector…
  • Regex File Flex Connector for JSON events

    Hello, I have a problem. I'm using the Regex File Flex Connector to process JSON events. The configuration file is written correctly, the regular expression has been tested in the relevant services. And at the output, in the agent.log file for my connector…
  • JSON Flex Connector handling sub-array

    I am developing a JSON Flex Connector for Symantec SES. The data consists of Incidents, and each Incident may have 0-many associated Events in a sub-array on the Incident. This Events array is not keyed, so it does not seem a candidate for processing…
  • Pulling event from an ElasticSearch index to ArcSight Logger using the Flex REST json connector ?

    Hi all, I have a need to pull data from an ElasticSearch index to my ArcSight Logger instance. I'm not using the Kafka module to send event from logstash to Logger, I want to pull them directly from the elastic service into Logger, using a smartconnector…
  • FlexConnector JSON parser - Could not retrieve trigger nodes

    Hello, My FlexConnector (FlexConnector REST) has problem with parsing JSON, I cannot find mistake. Agent.log writes: [2019-08-16 15:55:45,220][WARN ][default.com.arcsight.agent.sdk.b.h][getTriggerNodes] Could not retrieve trigger nodes for the trigger…
  • Connector that makes Automatic API Calls

    Is there a type of connector that AUTOMATICALLY makes API calls in a way that is transparent to the user? I want ArcSight to automatically check a certain field against an API and return a certain value, maybe in a JSON string which we will parse. not…
  • How to parse variable JSON fields for the same event type?

    I am trying to parse Azure Resource Manager logs using the JSON FlexFolder Connector and am having trouble with how to configure the parsing file when there are fields that do not appear in all events. There are two event examples below, jobs/write and…
  • JSON folder follower connector parsing JSON array files where there are more than one type

    Hi All, I've installed a JSON folder follower connector to read a folder /data for content. My parser file, xyz.jsonparser.properties works for the JSON files being written to /data. They are all of one type i.e. contain the same name/value pairings.…
  • I need a map file for Symantec in JSON format

    Has anyone written a map file for the email feed from Symantec? We receive the MessageLabs clean email reporting and will require a map file for the JSON connector to work.
  • Azure Log Integration for ArcSight - Multiple JSON parsers?

    Hello, while following the documentation for Azure log integration with SIEM (link), I've created a JSON connector and added the AzureRM JSON parser. This works great, but RM only parses the Resource Manager itself. I've wanted to make sure that, next…
  • ArcSight connector SOAP XML

    Hello, is there a way, how to read logs by SOAP in XML format? I've found only FLEX for REST JSON... Is there another way to do it? Thanks Jan
  • Procedure for creating custom parsers in WINC

    Hello all, I'm trying to break into various application logs coming out of Custom Logs. In particular, PowerShell/Operational logs. The doco is very light on and doesn't really explain how to name the folder structures when working with custom logs for example…
  • Records in JSON-format

    Hi guys! I’m using ArcSight Flex connector in ‘Syslog Daemon’ regime for sending some records (that are in JSON format) to ArcSight ESM. I put them into the field ‘msg’. I found that if my record has nested records, and they are not in first place, in…
  • ArcSight REST Flexconnector

    The REST flexconnector queries by default using the method GET. Does anyone know how to change it to POST? The most common logic seems to be that it would be a config line in agent.properties, but I have had no success in finding the config. I have also…
  • arcsight esm api call with php

    Hi, I want to know how we can call the ArcSight ESM API using PHP code (using curl). If we want the API to return data in JSON format, what is the procedure for the same? I am getting data in XML by default. Thanks
  • Custom parser for Windows event log

    Good day, I am quite new to using Arcsight Logger and using the SmartConnectors. Firstly, we are not licensed for using the Flex Connector, so I am looking at a way to create an additional parser for the Windows event log Smartconnector. I am busy going through…
  • McAfee Advanced Threat Defense - JSON over Syslog - Various JSON Messages

    Hello, I'm trying to integrate McAfee ATD with Arcsight. The ATD is sending syslog with JSON format. The complexity is in having a couple of different JSON formats within the ATD syslog message. For example: 1. {"Summary": { "Event_Type": "ATD File Report…
  • how to handle a json response from counterACT

    I have a situation where I need to parse the response from a counterACT command. The guide only mentions an additionalregexparser in the fcp directory; it doesn't mention any other parser types for second level parsing. So my first thought was to pick up…
  • Does anybody have a sample JSON Flex connector that I could use as a template?

    I am trying to write a flex for JSON, when the flex reads the JSON file I get the error "Found less tokens than expected". If anybody is willing to share their flex and sample JSON which is reading that would be great.
  • JSON FlexConnector ( from syslog)

    Hello, I have a system sending events via syslog to my connector, but the format seems to be JSON. I have never installed a JSON connector so in the first phase I wonder/ask if the JSON FlexConnector can read from a file or pipe where the syslog writes…
  • ArcSight AWS S3 CloudTrail JSON FolderFollower FlexConnector

    JSON parser file attached, this is not a drop-in, customization for your environment will be required, consider this a template.
  • ArcSight FlexConnector for HP Helion OpenStack

    The attached file 'HP Helion OpenStack and ArcSight - Final.zip' contains the resources listed below.  Please watch the short 6 min. video of this integration (no audio) before proceeding. Logstash configuration file ArcSight FlexConnector for HOS ArcSight…
  • JSON FlexConnector

    Hi all, Is anyone aware of plans to develop a JSON FlexConnector framework? I can see the framework already exists in the Cloud RESTful Connector, and am currently looking at a way of spoofing the collection. I imagine formal support of JSON, if it is…