• Sourcefire API: CVE --> DCS5?

    Hi, Does anybody have a Sourcefire API implementation where Device Custom String 5 automatically populates the CVE? Per the Sourcefire API guide the CVE ID should be mapped to DCS5, however this field is blank in our environment and I'm trying to track…
  • P-Sourcefire FireSIGHT

    This is the official forum for discussing the basic ArcSight Activate P-Sourcefire FireSIGHT product package as described in the Activate Wiki.
  • Issues with Sourcefire API eStreamer Connector and Event Severity Info

    Howdy everyone! Typically the ArcSight Sourcefire API Connector will map a numeric value given by the eStreamer to the Connector to the Sourcefire threat "color". This populates the deviceAction field. Lots of people build content around this field…
  • Cisco FireSIGHT Log Collection

    Just wondering if anyone has used the SourceFire eStreamer connector to collect logs from FireSIGHT? Searched P724 without much luck and FireSIGHT isn't mentioned in the HP Supported Devices link -> http://www8.hp.com/h20195/V2/GetPDF.aspx/4AA5-3404ENW…
  • ArcSight/Sourcefire Integration for Blacklisting

    Original posting found at chasemullins.com. ArcSight junkies and Snort-heads alike rejoice as there is a way to marry the two products with just a bit of baling wire duct tape. If you’re familiar with Ray Cotten’s ArcSight/Google Maps integration then…
  • Sourcefire Connector Mapping Question

    All, Once upon a time there was a doc that showed the SQL for within Sourcefire to get the mapping between the sensor ID and the hostname and/or IP address of the sensor. This data is then used to populate map files so that sourcefire events within ArcSight…
  • Get Sourcefire Security Intelligence events with eStreamer

    Hello, I'm trying to get the Security Intelligence events from a Defense Center 5.3.0.2 using the last version of the eStreamer SmartConnector but I can't find them in the CEF events generated by the connector. I have all the types of events checked in…
  • Cannot find information for Sourcefire3D Error

    Hi all. I need help regarding the below error message in the agent.log file. [2013-09-11 13:13:04,301][WARN ][default.com.arcsight.agent.hf.e][lookupByName] Cannot find information for [Sourcefire3D] I was able to receive other syslog, Unix & Firewall, but…
  • How can I create a rule that will create Cases based on a numbering schema i.e. Case001, Case002 etc

    Hello, I am trying to have ArcSight create cases for our workflow process, and dynamically name those Cases by a Case number such as Case001, Case002, Case003. However I have discovered that ArcSight has no means to track created cases by number and then…
  • Regex Extract IP Address and Map in FlexString

    Hi We have a standard Sourcefire Connector (eStreamer) pulling data. We have the sample payload in deviceCustomString1 field. This field has a Custom X-FWD field. This field has to be extracted and put into an ArcSight field. How can this be done?
  • How to find saved payloads in ArcSight Database

    Hi, does someone know how to find saved payloads in ArcSight Database? Nelson
  • Sourcefire eStreamer Extended Header

    1 - How can I configure the Sourcefire SmartConnector to read eStreamer Extended header details? 2 - The SmartConnector config wizard has a parameter "Intrusion Event Version" that needs to be set from the dropdown provided. What is this configuration, I…
  • SourceFire - lack of certain events in the ESM

    I have the latest connector for Sourcefire. Some events are visible in eStreamer there is no ESM. What may be the problem?
  • SourceFire RNA and ArcSight

    Hi, All, how are people storing SourceFire RNA data in ArcSight SIEM? I know there is an Asset Inventory section but did that work for anyone? What are the results? How easy is it to create content off of that data? Using ArcSight 5.0 Thanks in advance for…
  • SourceFire Defense Center SmartConnector configuration

    I would appreciate some help from someone who has successfully installed the SourceFire Defense Center eStreamer SmartConnector. I am stymied by the Defense Center authentication certificate required for the SmartConnector. Pgs 3-4 of the…
  • Sourcefire Management Console eStreamer

    Hello ArcSight Community, we are getting events from Sourcefire via a super connector from another ESM installation and I have two questions on this topic because I was not able to find the right information: 1. Payload Does someone have experience if…
  • Sourcefire RNA Scanner Import Agent

    Someone might find this useful - it is a quick little scanner connector that imports the Sourcefire RNA database (the eStreamer connector processes RNA events as IPS events). To run it you need to first generate these two reports as csv and save them…