  • Creating Dashboards Using Active List Data in ArcSight

    Hi, I have a use case where I want to create dashboards using data from an Active List in ArcSight. My questions are: Can I create the dashboard using active list in Logger? Which components of ArcSight can I use to create dashboards with Active…
  • Storing Script Command Results for Dashboard Creation in ArcSight

    Hi, I have a use case in which I have scheduled a script integration command using a rule. The script command returns result data, and I would like to use that data to create a dashboard. My question is: Where can I store the result data from the…
  • Executing Integration Command with Parameters Using a Rule

    Hello, I'm new to the ArcSight platform and need assistance with a requirement. Specifically, I want to execute a script and store the results in a lookup file. Here's the overall workflow: I have created a rule that is scheduled to trigger every…
  • How can I create a custom lookup file list with 2 columns "Code" & "Description" in ArcSight ESM?

    Dear All, I can create a lookup file in the ArcSight Logger very simply, but how can I create a custom field with a static value corresponding to a parsed field? In this case I want to create a lookup file in ArcSight ESM for http_status codes and also want…
  • Searching Subnets with Lookup

    Hello Guys, We have created a lookup file having IP Subnets. Now we want to create a lookup search that will give all IPs from sourceAddress matching the one in the lookup file. We have tried with | lookup "LookupFileName" "IP" as insubnet sourceAddress…
  • HOWTO: Threat Intel and Logger - simple options of integration

    The subject of using Logger to do some simple threat intelligence analysis comes up from time to time and I thought I would put some effort into providing some examples of what I have done in the past. Logger has the ability to integrate Lookup lists…
  • Lookup Lists and Logger - Quick Demo - HOWTO

    Lookup lists are a powerful and flexible way to enrich searches and to look for large sets of data with Logger. It's a very underused feature, but strangely something that is actually very simple to set up and use. This is a quick document that guides…
  • Using Logger 6.0 LOOKUP - Looking for Tor Traffic

    One of the easy to understand features in Logger 6.0 is the LOOKUP Search Operator. Here's an example to find the 'Needle in the Haystack'. The LOOKUP search operator is a way to join values from inside Logger, with values from an external source. The…
  • AssetError

    When my ESM5.2 has been started for a few days, some of the connectors will start to cache, and the EPS will be lower than 1000; the server.std.log starts to show persisted 300 event in 256 ms. As usual it is persisted 100 event in 25 ms, and also the server.log shows the ERROR…
  • Port Service Lookup

    I've turned on Port-Service Mapping on the connectors and am using the map.x.properties file to custom map the missing ports e.g. 3389 - RDP. But this approach means I need to maintain the list of port lookups and push it out to each and every connector…
  • Sourcefire Management Console eStreamer

    Hello ArcSight Community, we are getting events from Sourcefire via a super connector from another ESM installation and I have two questions about this topic because I was not able to find the right information: 1. Payload Does someone have experience if…