• Global variables in ArcSight

    Hello. Perhaps a slightly incorrect question, but nevertheless. Can I use global variables in ArcSight - is this a best practice? Thank you in advance Bohdan
  • How to make global variable to active list field

    I have an active list named as 'Malicious IP'. It is having two fields 1. IP (Malicious IP) 2. Tags (Like Spam, exploit, etc) I am matching this IP Field with firewall data (To know malicious communication) and when a match is happening, I am storing…
  • What does "Ad-hoc (in-memory) global variables" means?

    Hi, I created the Active List. I will set the Active List on "Filter" field as conditions on Global Variable. However,I found the description on page 448 of "User's Guide ArcSight Console ESM5.5". >Global variables depend on a pre-defined schema, >so…
  • ArcSight default global variables

    Hello, Is there any list Arcsight ESM default all global variables? I cannot find in manuals. Thanks, Keiko
  • global variable selector problem

    Hi, I created a query that matches a filter i created. Bu i want to add a global variable (TotalBytes) to this query. When i select the variable and add to fields it adds however, when i click the apply button in query it disappears. Tried several times…
  • Is it Possible to Extract a Substring using Evaluate Velocity Template Variable

    Hi All, I am looking forward to extract an "IP Address" from the filed named "File name" using Evaluate Velocity Template variable. The event in the field looks like "UseCase - 1.1.1.1 xxxxxx" where "xxxxx" may be any random string which may/may not be…
  • Excluding Maintenance Window in a Report

    We currently have a report that returns data over a week and need to exclude any events generated during two maintenance windows at different points during the week. One is Saturday night from 2200 - 0300, the other Sunday night from 2300-0300 How would…
  • Global Variables in Join Conditions

    Greetings All, I have created a global variable which captures a substring in the message field. Can I use this global variable as a matching event attribute in join conditions? I did not see an option to add variables in rule CCE as we see in active…
  • Global variable usage in filters

    Hello, I have a global variable that extract Hour from the endTime field. If I use it in fieldsets everything looks fine it gets  the right hour. Problem comes when  I try to use it in filter for example: I want to find all events that happened after…
  • ESM6 global variables and field issues

    Has anyone seen issues with global variables and fields in ESM 6? -J
  • How can I create a rule that will create Cases based on a numbering schema i.e. Case001, Case002 etc

    Hello, I am trying to have ArcSight create cases for our workflow process, and dynamically name those Cases by a Case number such as Case001, Case002, Case003. However I have discovered that ArcSight has no means to track created cases by number and then…