Browse By Tags

  • Add a task for the case

    Hi A certain event was found, there is a case in the navigator, is it possible to create a task for a specific user for practice? Maybe you know some functionality close to this. We are not talking about the external ticket system, but about the internal…
  • Sending emails when a rule is triggered

    Hello, I need help setting up ArcSight ESM to send emails when a rule is triggered. What is needed for this?
  • Can not create new rule in ArcMC with metric type Reciver EPS

    Hello Team, Our customers is unable to create a new rule in ArcMC with metric type Receiver EPS or Forwarder EPS used. When the new rule is being created, once you choose Metric Type: Receiver EPS or Forwarder EPS an error shows saying: "Cannot get product…
  • Absence Rule no answer to groups or resources

    The absence rule ist a perfect buttom for a quick rule to auto answer, when you are away. But it's not useful and a little bit senseless,if the autoanswer goes to groups, particulary if you are member of this group. this creates a loop. For autoanswer…
  • Rule notification via email with attached report

    Is there a possibility when an alert is triggered, in addition to sending an email with the fields, also sending an attached report? It would be like running a query as soon as the alert is triggered and the query result goes to the attached alert itself…
  • Vacation rules and BCC handling of group membership

    Currently Groupwise shows a very problematic behaviour in handling BCC membership of groups. Steps to reproduce: 1. Define a group and add a user with participation 'BC'. 2. Set a Vacation Rule for this user and include all external senders and…
  • Request for Variable Support in GroupWise Web Rules

    Hello everyone, We kindly request the ability to specify variables in GroupWise Web for rules. For example, we have a mailbox that should forward emails to two users, and in the subject of the forwarded message, we need the subject of the original message…
  • Introducing GroupWise 18.5.0 - the Ultimate Collaboration Powerhouse

    Hello GroupWise fans! I am thrilled to announce the arrival of GroupWise 18.5.0, the latest version of our trusted collaboration solution. We have some great new features for you to try, so without further ado, let’s take a look at what makes this release…
  • Fortify rule writing

    hi I'm really eager to learn fortify rule writing. when i was surfing online, i came across a coding that i cannot understand. so far i think <predicate> tag contains Java(?) code. but there's another tag <Definition> that contains something…
  • Use timestamps in rule's condition

    Hi, I would like to use timestamps in the conditions panel. More specifically, we sometimes get events with older timestamps or timestamps in the device custom date key. I would like to set up a rule that only triggers if these timestamps are not…
  • Rules to be able to see all of the Message Header/source

    There are some things that just don't fall into any of the many fields available for Rules to act on. I've been able to do lots of interesting things in Thunderbird's rules, such as checking details of the SPF check my mail provider does, but I can't…
  • Is there a way how to limit triggering of a rule?

    Hello, happy Monday, we have troubles with notifications, they are being sent 3 times. E.g.: We have a notification in After applying changes, the condition is linked to Service Desk Group name and also to Phase ID . The aim is to send the notification…
  • Sending SMS notifications through OO

    Good day to everybody, We have created a rule which should send SMS notifications only on weekends and holidays about created support requests. It actually works, the only problem is that the parameters (Receiver, Text, SDID) don't seem to accept more…
  • Foreach loop in velocity template on ESM 7.6

    Hi everybody, I was playing around with rules and velocity templates in local variables and seem not to get a trivial foreach loop running. It is a simple form of [1]: #set($sum=0) #foreach($no in [1..10]) $sum = $sum + $no #end Our ESM 7.6 is simply…
  • rules to send notification with all entered command on cisco device in configure terminal mode

    Good day to everyone! Im trying to create a rule, wich will send a notifications with all entered commands when admin exits configuration mode or issues command " copy running-config startup-config" and wich will delete entries about that device from…
  • Arcsight rule document

    Hello , Its been several years and many updates so far but still there is no API to get rules and its features that created via arcsight console... There buch of api services are created on rest API why dont you create an API service for RULES ? We…
  • High Rate of ActiveList entry added in Arcsight

    Hi I have been working on adding new Rule in command center and associate may rule with active list and some of them with creating case for me and recently i notice this alert is created in my active list and it seems there is problem in my active list…
  • GW rule trigger once a day or end of day

    Would like a gw rule trigger for once a day (maybe time set by admin), or at least end of day aka midnight. This is useful in cases where users want to use rules to file sent messages while keeping the tracking information, which gets list if file…
  • Use Reply and Forward rules with same format as the email

    If you set "Include header" in Reply Format settings (Tools / Options / Environment ) it isn’t in action in a rule now. Please use the Reply and Forward rules with same format as the email settings.
  • Detecting Actual Rogue Systems versus Rogue Sensor Source Servers

    Hello experts! Is it possible that the parser is querying the wrong epo Table Name, or could I just need newer parser version? Attempting to 'fire alerts' for McAfee Rogue Systems from "RSD Version 5.0.5" yet it seems that all events captured reflect…
  • Rule to identify traffic in range of ips

    hello, I have several doubts in the creation of rules in arcsight. I want to create a rule that reads a list of ips with mask /24. How can I do it? I have created zones in the assets, but it does not let me select it at the time of the rule. …
  • ESM Rule to prevent alert generation when there is a connection open and then a closed.

    Hello Team, We have a FW which works with connection open and within the same second connection closed. For this specific FW we have a rule in place that generate alerts when there is a connection open. After the rule generates an alert we need to…
  • Set up a alert treshold to disable a rule from alert generation

    Hello team, Is there any option in ESM to disable a rule or to stop it from alert generation when a number of alert threshold is met. This in order not to impact system performance with hundreds of thousand of alerts. I have been looking for this…
  • Add new attachment via business rules

    Hi, Is it possible to add attachments to an entity via an offering? For example, our record has already one file attached. Can we add a second attachment via offering rules? Regards
  • Endpoints with maximum number of malware threats rule for ArcSight

    Please solve this rule I don't understand how to solve this.