Installation notes for ArcSight ESM 6.9.1 on CentOS 7.1 (February 27, 2016): Installation of HPE ArcSight Enterprise Security Manager (ESM) 6.9.1 on CentOS 7.1 is substantially easier with engineering adding a “pre-installation” setup script to this version. For a smooth installation, there are still a few steps we need to take …
Using the ArcSight ESM Console to Create Replay Files (November 9, 2015): HP ArcSight Enterprise Security Manager (ESM) has some built-in capabilities to generate event files suitable for use with the ArcSight Test SmartConnector. These replay files can be used to test functioning of new ESM content (Dashboards, Datamonitors, Filters, Rules, Queries, …
ESM ActiveList Import Script (October 1, 2015): <shamelessly copied from Konrad Kaczkowski’s post on iRock> ESM Active List Import script – arc_import_al.py Version 20. Created by Konrad Kaczkowski on Oct 29, 2014 5:44 AM. Last modified by Konrad Kaczkowski on Mar 16, 2015 5:42 PM. Active List …
How To Increase ArcSight ESM Command Center GUI Timeout (June 22, 2015): In the appliance versions of most ArcSight products, there is the ability to set the user session timeout period. Typically this defaults to somewhere between five (5) and 15 minutes – good for a default but incredibly annoying for any …
Common ArcSight Command Line Operations (June 15, 2015): Here are a number of command line operations that are frequently needed within the ArcSight ecosystem. Export Enterprise Security Manager Certificate without a GUI: Use for ESM 6 or later. Lookup the manager certificate details and alias name by running …
Installation notes for Logger 6 on CentOS (April 30, 2015): [Update 2016/04/15]: Installing Logger 6.2 on CentOS 7.1. CentOS (or RHEL) 7 changed a number of things in the OS for command and control, such as the facility to control services – for example, rather than “service” the command is …
Creating event replay files for ArcSight SmartConnectors (April 20, 2015): The ArcSight connector framework includes the capability to record event replay files from inbound event streams, regardless of the type of event data. This is enormously useful for development and testing of individual use cases, demonstrations and training. The following …
Enabling Single Line Logging from pfSense Firewalls to ArcSight (September 20, 2014): While pfSense firewall offerings are based on the BSD packet filter (pf) functions and offer excellent performance and value, the current implementation my customers are running (2.1.5) outputs firewall rule logs in two syslog lines. The skilled developers that maintain …
Building a Highly-Available ArcSight SmartConnector Cluster with Pacemaker (August 6, 2014): Cost Effective SmartConnector HA
This paper describes the use of open source clustering software to build a low-cost, reliable, high availability environment on CentOS Linux in which to run both passive and active SmartConnectors, providing automated failure recovery.
Libraries needed to install ArcSight SmartConnectors on RedHat Enterprise Linux and CentOS (August 7, 2013): [Update 2016/03/11]: Starting with SmartConnector 7.1.7 (I think, might be a rev or two earlier), there are a couple more libraries that are needed to successfully install the SmartConnector on Linux. Include libXrender.i686 libXrender.x86_64 libgcc.i686 libgcc.x86_64: yum install libXrender.i686 libXrender.x86_64 …