  • Windows custom logs

    Hello, I am trying to collect IIS logs from Windows Events log with Windows Native connector. Logs are in Microsoft-Windows-IIS-Logging/Logs OR in Custom View IIS-Log. I am getting these errors: Line 7289:         EventLog…
  • Hi, I'm wondering if there is any document about integrating ArcSight with Grafana?!

    Hi, I'm wondering if there is any document about integrating ArcSight with Grafana. We want to integrate ESM with Grafana for event metrics, CPU utilization, etc...
  • Q: how to move Smart Connector hosted on SW ArcMC?

    Hello all. What is the best practice to migrate a Smart Connector hosted on SW ArcMC to another ArcMC SW? TAR files then untar on target? Container backup restore is for ArcMC appliance only? Other? Thank you R
  • Creating and Integrating a Smart Connector into the Existing ArcSight Infrastructure

    Hello, I’m new to the ArcSight platform and I’m looking to integrate a third-party threat intelligence feed with ArcSight. The feed data will be provided through an API, and I want to ingest this data into ArcSight for threat analysis. ArcSight already…
  • Guidance on Implementing Data Enrichment through Third party threat intelligence Integration in ArcSight

    I am working on a use case to integrate Third party threat intelligence with ArcSight. The goal is to accomplish the following tasks: SIEM Data Enrichment Ingest raw log events into ArcSight. Create empty lookup files in ArcSight for each IOCs…
  • ArcSight Threat Intelligence Feed/Galaxy SmartConnector

    ArcSight Threat intelligence Feed or GTAP suddenly stops sending logs to the ESM server, even though the connector status shows as running. When I check the logs, only the connector statistics are displayed. I attempted to reinstall it, but I couldn't…
  • Field [rawEvent] truncated Limit

    Hey guys. I have a syslog connector with problems processing an event with more than 4000 bytes, how can I solve this? I knew that adding the following parameters would solve it. size.validation.fields and size.validation.sizes to 10,000 Is there…
  • ArcMC cannot resolve connector hostname

    Hello, I am trying to add a new host to the new clean install of ArcMC 3.2.2 but getting an error with failed downloaded certificate. In parallel I have an older ArcMC where things work fine. I can add connector server by IP but cannot by hostname. hostname…
  • Problem with CEF that has IPv6

    I have a specific problem when there are IPv6 events originating from the 365 Defender technology (Native Connector). When events contain IPv4, the IP is mapped perfectly in the destinationAddress field, but when there is IPv6 it does not appear. But…
  • ArcSight Smart Connector register Destination to Syslog TLS

    Is there a documented step by step how to register an ArcSight Smart Connector destination to CEF Syslog over TCP TLS? Need to know the actual command how to import/trust key from the destination of sort with Smart Connector. Thank you
  • Syslog subagent.parsers

    Hello, I don't understand what "syslog.subagent.parsers=" in agent.properties is for: I can enable custom subagents list where I can use my own parsers, but what does subagent.parsers do? agents[0].customsubagentlist=generic_syslog ??agents[0].syslog.subagent…
  • How can we get the uncategorized event to apply the categorization?

    Hello Experts, I hope you are doing well. Kindly, how can we get the uncategorized events to apply the appropriate categorization to them? Is there a way to know the standard categorization?
  • ArcSight logUnparsedEvent Error

    Hello everyone. I have a problem with the parsing of a smart connector, version 8.4. I'm sending Logs from a Linux machine, with the rsyslog service. I have installed a "syslog Daemon" as the type. I have configured the following entries in the agent…
  • technical bootcamp recon lab3 exercise 5, avro test connector run connection.

    C:\arcsight\Test Alert AVRO\current\bin
  • how to stop sending events from a connector.

    Hi, I need to preserve a container configured locally into an ArcMC with its SC but stop it from sending logs to both destinations. To do this I delete the destination but can not delete the last destination as mentioned in the guide you can…
  • Can't find to download MISP Model Import Connector

    Hi everyone, I've been trying for a while to download the Model Import Connector of MISP, but I don't seem to be able to find it anywhere. Please if you could help with that I'll be grateful, Thanks.
  • Syslog NG NULL Events

    Hello, I am trying to collect syslog with Syslog NG, but the connector can't parse data. Syslog should be fine and I can see application data in Wireshark, but nothing in connector. unparsed events: true custom parser: true (made completely basic parser to…
  • What is meaning of Number of bad threat level values in connector?

    When I opened agent.log and used the 'WARN' filter, it showed me that. I got many 'number of bad threat level values received and corrected' messages. What does this message mean? Best Regards
  • SmartConnector forwarder encryption

    Hello, I have two connectors installed in different VLANs and I need connector1 from VLAN1 to forward logs encrypted to VLAN2, from where connector2 forwards logs to Logger. The only option I see is encrypted UDP, is that correct? Regards John
  • Massively delayed events from WINC, forwarded and local

    Hello, I have installed ArcSight Smart Connector v8.3p3 WINC locally on WEC. This connector is the only connector on WEC which runs on Windows Server 2019 Standard. The issue is that we are receiving massively delayed events - local from WEC 2-4 hours…
  • Error during the configuration of the parameter for WinSC (Linux) smart connector

    Trying to add new parameter to collect windows log from windows server 2019 and got 2 errors: i) Connector did not pass the verification with error [1:Encountered 1 error for command [GetLogAccessValidationResult] Host: xx.xx.xx.xx ii) Cannot retrieve…
  • Do you need Active Directory to collect windows event logs?

    Current Situation: Currently setting up a lab environment to send the Windows event logs from Windows Server 2019 server (without AD) through Windows Event Log smart connector. Below is the information that I used to set up this lab environment. …
  • Hi Team, We have raised a request with Support for Array Networks Device Integration with ESM.

    Hi Team, We have raised a request with Support for Array Networks device Integration with ESM. Is this possible with smart connector in ArcSight? Any help is appreciated. Thanks, Anup Saroj 9326877462
  • ArcSight Smart Connector 8.0 WinC connector failed to start after server reboot

    Hi all, Any idea on the following scenario? - After Smart Connector Windows 2012 server rebooted, one of the winc connector service failed to start with error: could not find or load main class com.arcsight.agent.loadable._WrapperLauncher. JVM existed…
  • flex connector properties file not working

    I'm having some trouble with the flexconnector. I did the parser file but every time I run the flexconn and I send some SSH Logs the parser does not work. My parser file is called Vendor_syslog.subagent.sdkrfilereader.properties. I modified in agent…