Micro Focus ArcSight ESM - API Integration Installation and Configuration Guide

The ThreatConnect^® integration package for Micro Focus^® ArcSight Enterprise Security Management (ESM) - Application Programming Interface (API) allows ArcSight ESM users to interact with threat intelligence in ThreatConnect directly from the ArcSight Console. The integration has three main components: an automated ThreatConnect Job App to add and remove Indicators between ThreatConnect and the ArcSight Active Lists, ThreatConnect Playbook-based applications to add and remove Indicators from ArcSight Active Lists, and a set of ArcSight integration commands that allow the user to interact with ThreatConnect within the ArcSight Console application (e.g., retrieve Indicator details, report observations and false positives to ThreatConnect).

This version of the integration uses the ArcSight REST API to add Indicators from ThreatConnect to ArcSight ESM as well as to remove them. If you prefer to deploy Indicators via common event format (CEF)-formatted syslog, please use the CEF integration for Micro Focus ArcSight ESM.

  

ThreatConnect^® is a registered trademark of ThreatConnect, Inc.
TC Exchange™ is a trademark of ThreatConnect, Inc.
Micro Focus^® is a registered trademark of Micro Focus (IP) Ltd.