Cybersecurity
DevOps Cloud
IT Operations Cloud
April 1, 2022
These guides walk through adding SOAR to an existing ESM deployment. First, we’ll cover ESM content that needs to be configured. Next, we’ll install the ArcSight Platform “from the ground up” with CentOS 7.9 Minimal installed nodes. Then, we’ll configure SOAR using the Fusion interface and install the Forwarding Connector. Finally, we’ll configure SSO with Fusion and ESM. There’s also a troubleshooting section, as well as information on integrating SOAR with MITRE ATT&CK and MISP (Malware Information Sharing Platform).
ArcSight ESM 7.6 now includes the SOAR/ESM content as a part of default content. If you're running ESM 7.6 or upgrade to ESM 7.6, this package is included as part of the release and you don't need to download the "ArcSight ESM and SOAR Integration Content" from Marketplace. If you're running a version previous to ESM 7.6, a link to the SOAR/ESM content is below.
ArcSight SOAR 3.2 / ESM 7.6
ArcSight SOAR 3.1 / ESM 7.5
ArcSight ESM 7.5 and SOAR 3.1 Integration Content