ArcSight SOAR "from the ground up" Build Guide

4 Likes

April 1, 2022

These guides walk through adding SOAR to an existing ESM deployment. First, we’ll cover ESM content that needs to be configured. Next, we’ll install the ArcSight Platform “from the ground up” with CentOS 7.9 Minimal installed nodes. Then, we’ll configure SOAR using the Fusion interface and install the Forwarding Connector. Finally, we’ll configure SSO with Fusion and ESM. There’s also a troubleshooting section, as well as information on integrating SOAR with MITRE ATT&CK and MISP (Malware Information Sharing Platform).

ArcSight ESM 7.6 now includes the SOAR/ESM content as a part of default content. If you're running ESM 7.6 or upgrade to ESM 7.6, this package is included as part of the release and you don't need to download the "ArcSight ESM and SOAR Integration Content" from Marketplace. If you're running a version previous to ESM 7.6, a link to the SOAR/ESM content is below.

ArcSight SOAR 3.2 / ESM 7.6

PDF

ArcSight SOAR 3.1 / ESM 7.5


PDF

ArcSight ESM 7.5 and SOAR 3.1 Integration Content

Labels:

How To-Best Practice
Related
Recommended