  • Creating and Integrating a Smart Connector into the Existing ArcSight Infrastructure

    Hello, I’m new to the ArcSight platform and I’m looking to integrate a third-party threat intelligence feed with ArcSight. The feed data will be provided through an API, and I want to ingest this data into ArcSight for threat analysis. ArcSight already…
  • How to integrate OpenVAS vulnerability scanner and ArcSight?

    Hi geeks, In a SOC, the OpenVAS tool is used as a vulnerability monitoring system, while their SIEM is ArcSight. Today I have to configure OpenVAS to send the scan results to the SIEM. But there seems to be no official Smart Connector for Greenbone OpenVAS…
  • Survey: ArcSight Connector Usage 2018

    The purpose of this survey is to obtain feedback from Micro Focus ArcSight customers regarding their usage of Smart Connectors. To better maintain and update ArcSight connectors, it is useful for us to know which connectors are most important in your…
  • I'm looking for a listing of the commands that can be added to an agent.properties

    I'm trying to understand some of the commands that are present in the agent.properties. I've looked through the documentation and have been unable to find anything. Does anyone have a listing? Regards, Mark
  • Smart connector for domain controller not able to connect to the server

    Hi, I am trying to install the smart connector for getting logs from my domain controllers. I provide all the details but get the following error in the middle of connector installation " Connector table parameters did not pass the verification with…
  • Workaround for parsing issue found in 7.2.x SmartConnector for WINC

    Workaround to be inserted into connector install location. 1) Create "winc" folder in /fcp 2) Folder structure should be user\agent\fcp\winc\security\microsoft_windows_security_auditing.sdkkeyvaluefilereader.properties 3) Place file in folder ensuring…
  • SmartConnector for Oracle DB connection persistence / multiple idle connection issue

    Hi, After we've upgraded the SmartConnector to version 7.1.2, Oracle DBAs reported that there are 5 concurrent connections per connector from which one is active and four seem to be idle. This is making a performance impact on the DB side. Based on the information…
  • To upload a single CEF file in smart connector is possible to push into the logger. But how to upload a CEF folder that has multiple CEF files in smart connector? Is it possible?

    To upload a single CEF file in smart connector is possible to push into the logger. But how to upload a CEF folder that has multiple CEF files in smart connector? Is it possible?
  • ActiveSync, OWA and Outlook to Exchange - HttpProxy Logs connector

    Hi, on ActiveSync, OWA and when Outlook connects to Exchange we generate HttpProxy logs that are standard Microsoft logs. Logs from all the channels are the same and they are written to the LOG files and look as follows: HttpProxy_2016012609-1.LOG DateTime…
  • Trouble with adding hosts to Windows Event connector

    Hello all, I am in the process of migrating my connectors to a new host and am having some trouble. The new Windows connectors are in place on the new host, port 445 has been opened between the host and all of the machines that the connector needs to…
  • Do I need a dedicated connector server to install connectors? How about installing the connector in the end device?

    Kindly help me in sorting out and understanding the organizational and technical complexions on playing around in some logical ways. With respect to this particular smart connector I need a clear picture.
  • Pause or Stop events to be sent to the logger

    We have a setup as follows: 1 ESM, 2 logger appliances (No peering), 2 connector servers on Windows, configured in cluster without using a shared storage. We have installed Windows Unified Event Connector, Syslog Event Connectors, Checkpoint Event Connectors…
  • Hi all,

    Since the smart connector update between 7.0.5 to 7.1.5 many events with Device Severity "info" or "debug" and with the Agent Severity "high" are classified. What is the decision for Agent Severity on the new smart connectors?
  • Kaspersky DB SmartConnector KES 10.0 Windows Service Issue

    Hello guys, I've configured the smartconnector for Kaspersky Security Center 10.0 (Kaspersky_db), when I run the connector via cmd: C:\Kaspersky>arcsight agents The connector works without problems and sends all the Kaspersky events, but when I start…
  • Microsoft IIS issue - getting duplicate logs

    Hi, We have Microsoft IIS smart connector installed, which is collecting duplicate logs (logs look like same hostnames with one entry coming in capital and lower case (duplicate)). Below is the agent.properties file, #ArcSight Properties File #Thu Aug…
  • Unable to re-register ESM manager destination after upgrading SmartConnector

    After upgrading our SmartConnector software to 7.1.6 on a Windows 2012 R2 server, events failed to start forwarding again to one of my ESM managers. So, I stopped the SmartConnector service, ran "arcsight agentsetup" and removed the ESM destination. I…
  • Conditional Mapping Ignored

    Hey! I'm working on conditional mapping to ID Based Flex MultiDB Connector. First, I map general field like this: event.name=AnomalyType Next, I try to use conditional mappings like this: conditionalmap.count=1 conditionalmap[0].token=event.name…
  • Rule Action To Run PSEXEC not working

    Hey! I have a rule that I want to run some batch script which uses PSEXEC at the end to run a command on a remote computer. The script is running fine, but the psexec failed. The connector's log says: java.io.IOException: Cannot run program "c:\windows\system32…
  • McAfee ePO - Source Address empty but in Device Custom IPv6 Address2 - Parser Override

    Hello Community, I want to deploy a parser override for McAfee ePO to populate IPv4 source address from IPv6 address. The IP address is looking like this: ::FFFF:1.2.3.4 1. Parser Location .../current/user/agent/fcp/epo_db/virusscan4_5_virusscan.sdkibdatabase…
  • McAfee ePO map files

    Hello, maybe helpful for some of you, find attached map files for McAfee - ePO. Volker map.0.properties.zip
  • Does anyone have experience routing a smart connector output to logger via a proxy?

    I need to route smart connector output to logger via a proxy server. I have found a little documentation about modifying the connector's net.properties file but it does not appear to be fully documented or supported across all connectors.
  • WINC Connectors and Port Usage

    Hey All, Not sure if anyone else has run into this one before. WINC appears to use the Message Queue Server on Windows for event collection. When you attempt to install more than one WINC connector you receive an error message from the installer that…
  • Apache / Microsoft IIS connector

    Dear Experts, Currently I am trying to explore the ArcSight Logger (Free version). I already set up the logger and Windows connector. I am also trying to get the log data from Apache web server. Could you please tell me the steps to follow in order to set…
  • Solaris 11 log base lining required

    Hi All, I have a requirement to integrate Solaris 11 with ArcSight. Below is the list of configs I have done so far: 1. On Solaris server, edited syslog.conf and added syslog connector IP. 2. No iptables enabled on the server. 3. UDP Port 514 is open…
  • Question about hostnames

    Hello Guys, Does any of you know why in the destinationHostname or sourceHostname the hostnames are not constant? For example, I have the following: SERVER1 SERVER1.Dominio.com. Why in some logs I have server1 and other server1.domain.com? The source of…