Hi,
We're trying to integrate ArcSight SIEM to SEPM with embedded database. I can't find any documentation about this process. I also looked at other forum posts, and it seems like no one really has the documentation for this. My best bet is to use external logging, but even the external logging doesn't have documentation on how to use it with ArcSight SIEM. Anyone tried doing this?
Thanks,
Do the articles below not help?
Contact the ArcSight team as they will have documentation for the integration.
http://www8.hp.com/h20195/v2/GetPDF.aspx/4AA5-3404ENN.pdf
It's not useful actually, I mean, try to read it. All it says are the common things that you'll obviously do. Like, click this, click that, click OK. It didn't even tell what log facility to use on what external logging.
Hey guys, somehow we got it. I ended up searching on Google instead of Symantec, very unexpected. Considering that we've been using Symantec for more than 3 years.
Thanks guys,
OK, so what's the answer?
I just added the IP and port, that's it. The actual changes happened on another team handling SIEM ArcSight. They said they set up an ArcSight Receiver or something like that, then they gave me the IP address and ports. I think Symantec should do a testing of this thing and post a proper knowledge base, considering that HP is a major player in enterprise. I'm sure it is going to be useful to a lot of users.
Symantec's post, this one below:
is already a generic instruction I think. As much as I want to post an instruction on SIEM ArcSight integration, unfortunately I'm not handling our ArcSight so that's not going to work for me, and those guys handling it are sure busy as they're always around the clock doing monitoring and advisory stuff.