Popular Tags

  • CEF event with syslog header gets device addres/hostname parsed wrong if CEF has dvc=entry

    Hello, we have CheckPoint firewalls sending events over syslog in CEF format. Problem is, that events has also the SYSLOG header containing deviceAddress. For ChceckPoints Identity Awareness events gets generated like this: Jan 13 14:25:36 xx.xx.xx…

  • ESM hostname through velocity variable in report's name

    Dear all, I couldn't find a way to get ESM's hostname through a variable inside a report name. And neither found this documented in anywhere. Is any of you that successfully did this?

  • use system variables in flex connector

    Hi Does anyone know if I can use the system variables in a flexconnector ex. the hostname of the server the connector is installed on? I like to not hardcode the hostname, because I need to install this connector on several servers and don't want to change…

  • HP-UX device host name regex extraction

    Hi Guys Recently I had to integrate a HP UX log source. I was not able to find much help on how to extract the hostname from the audit log file. The audit log file is transferred via sftp to the connector server. I have implemented the following to extract…

  • SmartConnector DNS lookup

    We know that SmartConnector performs DNS lookup for hostnames and IP when logs are being received, aggregated and normalized. just wanted to find out if anyone knows whether such behavior applies for filtered-out events, too?

  • How ESM uses the honstname field of an asset resource

    Folks, Does anyone know whether ESM makes any active use of the hostname field for an asset? The reason I ask, is that we are modelling firewalls and other devices that may have multiple IPs belonging to the one zone, and ESM doesn't consider this to…

  • Network Model / Asset Management where you have varying hostname formats?

    Hello! I am a bit new to the asset model of ArcSight and trying to figure out the capability of managing a number of devices that I haven't figure out how to track properly... The main issue is that our logs come from varying devices and come in different…

  • Oracle syslog parsing problems - header without hostname

    As subject says, I am running into issues with oracle syslog connector. Admins say tha "all has been set according to the guide" but I can't have access to oracle itself, only to syslog.conf. And well, that part is simple and correct at least. I have…

  • Hostname is IP Address

    I'm drawing a blank, does anyone know of a way to flag on an event if the hostname is an IP address and not a domain name or server name. On ESM 4.0.3

  • Open Source Data

    After my presentation on Monday I had a lot of people come up to me and tell me that they were implementing open source data into their ArcSight ESM deployment. I would like to see what everyone uses to pull data, here are a few sites that we use in our…

Resources

Support
Documentation
Learning Services
Partner Programs
Privacy
Compliance
Help
Company
Privacy Policy
Terms of Use
Cookies Preferences
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Business Conduct and Ethics
The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.