Can be run on demand via the UI, on a schedule, or over the Logger API. Output formats include HTML, PDF, MS Excel, CSV, MS Word, Interactive HTML, and XML.


Since there are dozens of fields that can be logged in ArcSight, using this feature will save you the time of scrolling through unnecessary data to find what you are looking for.

Common Event Format (CEF) Configuration Guides

Enter a name for the search or filter. The maximum number of rows you want to search. The available security integrations appear as a series of cards. A saved search saves the query expression and the time range that you… See the Filters and Saved Searches section below for more information.

Search strings are case-sensitive, and multiple words should be enclosed in quotation marks. To manage the workflows, navigate to the Workflow Editor. The amount of data returned depends on your setting for the number of rows of raw data property in Security Incident Response properties. When you log in, you will be brought to the Analysis search page, where you can search through all the logs you have access to in ArcSight to find the events you are looking for using basic search queries.


ArcSight Logger – Commonly Used Event Fields – ITKB – Confluence

When you save a field set, it will appear under the Shared Fieldsets category and will be visible to all other users of ArcSight. Field Description Name: The name of this configuration. Select this to include samples of raw data in your sightings search results. The earliest results you want to see in number of days. All Peers: The default is unchecked and searches only the local Logger you are connected to. Once you log out of ArcSight, the field set will not be saved.

If you activate the plugin using the traditional method, the HPE ArcSight Logger – Incident Enrichment integration recognizes the installation and the integration card displays the New button. If you click OK after customizing your field set, it will only be available to you for your current session. Search Queries: Search queries can be as simple as entering a login name, IP address, or other string you are interested in looking for.

Load Saved Search or Filter: Earliest Result days: The earliest results you want to see in number of days. See the Search Queries section below.

The name of this configuration. To make the field set available for later use, hit Save. Please note that this field is based on the time that ArcSight received the log, not necessarily the time of the event itself. For example, if I want to show all Weblogin events for a certain person, I can find them by typing: The query will be entered into the search box for you; click Go after adjusting your time range as needed.


When you run a search, the results show up at the bottom of the screen, with the most recent log on top. You can also build more complex queries once you know what you are looking for and in which field ArcSight is logging that information.

The user interface allows you to add and remove fields as well as put them in the order that you want.

Be careful not to change existing filters that are not yours this way. To use a previously saved filter or search, click on the Load Saved Search or Filter icon.

Include raw data samples in search results: Select this to include samples of raw data in your sightings search results.

When checked, it searches all the Loggers that are connected to one another.

Max Rows: The maximum number of rows you want to search. Choose whether to save it as a filter or a saved search, then hit Save. Enter the string you are searching for here, or build a search query using the ArcSight column headers.

Include raw data samples in search results.

Get started with the HPE ArcSight Logger – Incident Enrichment integration

The Security Integration screen reloads and the New button for the integration is available. Use these buttons to customize your field set.

Search Logs: To search for logs in ArcSight, go to https: