Highest Voted 'arcsight' Questions

2

votes

0 answers

StreamSet CEF parsing issus

We send messages from ArcSight to StreamSets pipeline using Kafka. We are experiencing trouble parsing the messages from Kafka in the pipeline. The data sent from ArcSight is sometimes partitioned into chunks which means that a huge script will be…

apache-kafka streamsets arcsight

asked Mar 25 '21 at 08:52

gabi939

107
2
8

2

votes

0 answers

Kafka Consumer Failed to load SSL keystore (Logstash ArcSight module) for any keystore type and path

I need to supply a certificate for client authentication for Kafka Consumer, however, it always fails with the following exception (Failed to load SSL keystore): ssl.cipher.suites = null ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1] …

apache-kafka logstash kafka-consumer-api elastic-stack arcsight

asked Oct 13 '20 at 10:34

Andrey Sapegin

454
8
33

1

vote

0 answers

How to parse ArcSight CEF into Elasticsearch, if Logstash ArcSight module, Logstash CEF codec and FIlebeat decode_cef processor do not work?

My goal is to get ArcSight CEF messages from ArcSight Transformation Hub into Elasticsearch in the parsed form. Hoever, none of the input options available from Elastic Stack do not work: Logstash ArcSight module does not work at all via SSL with…

elasticsearch apache-kafka logstash filebeat arcsight

asked Dec 01 '20 at 10:04

Andrey Sapegin

454
8
33

0

votes

0 answers

How to send logs from elk siem to arcsight?

I need to gather data from Elk to ArcSight. The official documentation only describes how to get data from ArcSight to ELK. How can I gather logs from ELK to ArcSight? Is it possible to implement this with the logstash? How can I do it?

elasticsearch elastic-stack elk arcsight

asked May 02 '23 at 09:02

crypt0key

1

0

votes

1 answer

How do I filter CEF logs using SQL

Here is the example of CEF Data on a single column named raw { "raw": "CEF:0|Check Point|New Anti Virus|Check Point|DNS reputation |Malware.TC.d8ccLeiq|Low|act=Detect cp_severity=Low cs1Label=Threat Prevention Rule Name cs1=Autonomous…

mysql sql arcsight

asked Mar 01 '23 at 17:22

Eps Geofs Diivs

9
4

0

votes

3 answers

OCI(Oracle cloud infrastructure) logs SIEM integration

Has anyone integrated OCI(Oracle cloud infrastructure) audit logs & OCI service logs to a Security Information and Event Management tool (SIEM,Arcsight). If yes , Where are these logs stored and from where these logs can be instantly accessed.

oracle-cloud-infrastructure arcsight

asked May 10 '21 at 11:57

user2750212

11
2
6

0

votes

0 answers

Problem to concatenating fix string from List & adding into JSON Array

Objective: Get all row in CSV file (minimum 1 row & more), add fix string & use the variable in JSON array. Sorry, if the question is not related. I'm not sure what the correct question to be asked. I want the "entryList" format to be like below,…

arrays json list arcsight

asked Jan 30 '20 at 05:59

malFUNKtion

21
6

0

votes

3 answers

Ignoring a string within a token regex

Im trying to parse a log file and having a hard time trying to ignore a string within a token. Part of the log I'm trying to parse: [Wed Mar 06 20:56:27.121877 2019] I want to create a token for the date where it should ignore any value after the…

java regex arcsight

asked Jun 21 '19 at 07:55

Gaurav Bhatnagar

21
2

0

votes

1 answer

Send Logs Arcsight Logger via C#

I want to send logs to ArcSight - Logger via C#. While searching on google, found one interesting article Check devices are not logged in ArcSight Logger via C# - Hakan Ungan. I have spent a couple of hours to search "How to send logs to ArcSight…

c# arcsight

asked Aug 01 '18 at 10:48

Dave Kapildev

471
1
7
18

0

votes

1 answer

ArcSight ESM - custom dashboard to display video

I want to create a custom dashboard to display video, in ArcSight ESM. I had spent a couple of hours to find solutions but no luck. Please anyone can guide me how can I accomplish this task. Thanks in advance.

elasticsearch logstash kibana xpack arcsight

asked Jul 06 '18 at 08:41

Dave Kapildev

471
1
7
18

0

votes

1 answer

In Common Event Format (CEF) how is the field version used in a real life application?

I am writing a program that outputs logs in the common event format (CEF), while referring to this document, which breaks down how CEF should be composed. However, I am confused as to what they mean by "Version" in this particular…

logging arcsight

asked Aug 02 '17 at 02:29

user8402764

143
2
14

0

votes

1 answer

ArcSight's CEF Syslog configuration difference RAW TCP and UDP

What the difference in ArcSight's CEF Syslog configuration between RAW TCP and UDP ? is it possible that Udp syslog is sending without endline eg \n How it possibole to send the syslog from ArcSight that Flumes syslogtcp will read it as syslog

flume flume-ng arcsight

asked May 07 '17 at 07:52

Yehuda

457
2
6
16

0

votes

1 answer

the flag ' ' is not recognized

I need to write a bash script who's first job is to export a package from an arcsight ESM. afterwards it needs to move the exported archives to a connector server but i haven't gotten to that part yet. my issue is this: as per the arcsight ESM…

bash arcsight

asked Oct 27 '16 at 09:35

heronpilot

3
2

-2

votes

1 answer

I need help from anyone with experience using the ArcSight esm rest API

I was able to get the auth token from the login api but I am trying to use it to query the events api and I am getting a 401 Client Error: Unauthorized for url error message. Here is a snippet of my code: def action(): data = { 'login':…

python api rest events arcsight

asked Jul 12 '21 at 11:01

Jakpor Nobert

7
1

Questions tagged [arcsight]