Hello Mithun,
thanks for your reply.
We are using an ArcSight SmartConnector which is specially designed for SEPM. There are no problems or issues with this connector.
My question is which specific field conains the Download-URL of the File.
Maybe to understand to understand my problem better:
When you are using the SmartConnector for SEPM you have a default set of values which are displayed in ArcSight. But you can add other values like the md5 hash of the suspicious file to the fields which are displayed in ArcSight. And i am now searching for the value which contains the download url of the file because like i mentioned in the beginning it is existent on the SEP Client on the Client-System.