Can be run on demand via the UI, on a schedule, or over the Logger API. Output formats include HTML, PDF, MS Excel, CSV, MS Word, Interactive HTML and XML.

Author: Faezragore Nakus
Genre: Software
Published (Last): 4 February 2010
Pages: 115

When you run a search, the results show at the bottom of the screen, most recent log on top. Proceed to step 5. The maximum number of rows you want to search.

How to Use Arcsight Logger : TechWeb : Boston University

The amount of data returned depends on your setting in the number of rows of raw data property in Security Incident Response properties. When you log in, you will be brought to the Analysis search page where you can search through all the logs you have access to in Arcsight to find the events you are looking for using basic search queries.

Saved search saves the query expression and the time range that you See the Filters and Saved Searches section below for more information. Select the time range you wish to search the logs for.


Select this to include samples of raw data in your sightings search results. All Peers: the default is unchecked and searches only the local logger you are connected to.

Since there are dozens of fields that can be logged in Arcsight, using this feature will save you the time of scrolling through unnecessary data to find what you are looking for. To manage the workflows, navigate to the Workflow Editor. The query will be entered into the search box for you; click Go, adjusting your time range as needed.

Common Event Format (CEF) Configuration Guides

Max Rows: the maximum number of rows you want to search. Include raw data samples in search results.

Configuring this integration activates workflows. You can also activate the plugin using the traditional method. Search Logs: to search for logs in Arcsight, go to https: The user interface allows you to add and remove fields as well as put them in the order that you want.

Filters save the query expression, but do not save the time range or the field set information. This tool allows you to save a query that you use frequently as a filter or a saved search. The available security integrations appear as a series of cards. See the Search Queries section below. Enter a name for the search or filter. Search strings are case sensitive, and multiple words should be included in quotations.


Field descriptions. Name: the name of this configuration. Please note this field is based on the time that Arcsight received the log, not necessarily the time of the event itself.

The default is unchecked and searches only the local logger you are connected to. Earliest Result (days): the earliest results you want to see, in number of days. See the Field Set section below for more information.

This procedure can be used to activate the plugin and configure the integration. To use a previously saved filter or search, click on the load saved search or filter icon. For example, if I want to show all Weblogin events for a certain person, I can find them by typing: The Security Integration screen reloads and the New button for the integration is available.

Include raw data samples in search results: select this to include samples of raw data in your sightings search results.

Please do not use this guide