ESM ArcSight – InfoSec Pro

Smart Connector “Filter Out” issue

8 July 2014 by alex

ArcSight Smart Connectors has a very useful feature: it is possible to set up a filter to filter out unwanted events and don’t send them to a destination (ESM ArcSight, Logger, etc). It works very well at the ESM ArcSight – you just need to open connector’s properties, select the “Filter” tab and create a … Read more

ESM ArcSight – how to convert events for Replay (Test Alert) agent

2 November 2012 by alex

The “Replay” (also known as Test Alert) agent at the ESM ArcSight – is a very powerful tool for developing and debugging rules. You don’t need to wait until a real (and probably rare!) event will be received by the ESM Manager only to check that the rule produced incorrect result. Of course a test … Read more