ArcSight ESM
ArcSight Enterprise Security Manager sits centrally within an organization, collecting and analyzing events from across systems and security tools. It detects security threats in real time so that analysts respond quickly, and it scales to meet demanding security requirements.
Integration with LogicHub
Connecting with ArcSight
To connect to ArcSight following details are required:
- Label: Connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- ArcSight ESM Server Name or Host IP: Example: 192.168.1.1 or myarcsightesm.example.com
- Username: Username for connecting to ArcSight
- Password: Password for connecting to ArcSight
- ESM Server Port: Specify the port on which the ArcSight server is listening. Generally, it is 8443
Actions with ArcSight
Get Security Events
Get all security events of a particular security ID.
Inputs to this Action
- Connection: Choose a connection that you have created.
- Event ID Column Name: Column from parent table containing one or more event IDs (JSON list or separated by commas).
- Auto Fetch Base Events: If an event is a correlation event, Automatically fetch its base events (default: False).
- Explode Results: If multiple results are found, return as individual rows (default: False).
- Drop Fields with NULL Values: If a field is returned with a null value, exclude it from result output (default: False).
- Reformat Events with CEF Field Names: Rewrite event json to flatten the output and use proper CEF field names instead of having many sets of nested fields (default: False).
- START DATE (Optional): Column from parent table containing a date and time for the query Start Date. (Example: 2017-05-22T10:00:00 or 1495447200000). Default: -1 (unlimited).
- END DATE (Optional): Column from parent table containing a date and time for the query End Date. (Example: 2017-05-22T10:00:00 or 1495447200000) Default: -1 (unlimited).
Output of Action


Get All Cases
Get the list of all updated cases.
Inputs to this Action
- Connection: Choose a connection that you have created.
Output of Action
It returns a list of case IDs in JSON format.


Get Case Details
Get the details of one particular case.
Inputs to this Action
- Connection: Choose a connection that you have created.
- COLUMN NAME: Column name from the parent table to lookup value for case resource ID.
Output of Action
It returns details of a case.


Get All Query Viewers
Returns all the query viewer IDs.
Inputs to this Action
- Connection: Choose a connection that you have created.
Output of Action
It returns the IDs of all query viewers.


Get Query Viewer Results
Get the query viewer results of a particular ID.
Inputs to this Action
- Connection: Choose a connection that you have created.
- COLUMN NAME: Column name from parent table that contains query viewer ID.
Output of Action


Get Case Events
Get all case events of a particular case ID.
Inputs to this Action
- Connection: Choose a connection that you have created.
- Resource ID Column Name: Column name from the parent table to lookup value for case resource ID.
Output of Action
It returns events of a case.


Delete Case
Delete a particular case by case ID.
Inputs to this Action
- Connection: Choose a connection that you have created.
- Resource ID Column Name: Column name from the parent table to lookup value for case resource ID.
Output of Action


Get All Active Lists
Get the list of all active list resource IDs.
Inputs to this Action
- Connection: Choose a connection that you have created.
Output of Action


Get Entries from Active List
Get all entries of a particular resource ID.
Inputs to this Action
- Connection: Choose a connection that you have created.
- Resource ID Column Name: Column name from parent table that contains resource ID.
Output of Action


Add Entries to Active List
Add all entries to a particular resource.
Inputs to this Action
- Connection: Choose a connection that you have created.
- RESOURCE ID Column Name: Column name from parent table that contains resource ID
- ENTRIES COLUMN LIST: Column name from parent table to lookup value for all new entries. Example: sample row in the parent table '[{"ConnectorName":"A0830","AverageEPS":"1212"}]'
Output of Action


Updated about 1 year ago