Micro Focus ArcSight ESM - API Integration Installation and Configuration Guide
  • 10 Aug 2022


The ThreatConnect® integration package for Micro Focus® ArcSight Enterprise Security Management (ESM) - Application Programming Interface (API) allows ArcSight ESM users to interact with threat intelligence in ThreatConnect directly from the ArcSight Console. The integration has three main components: an automated ThreatConnect Job App that adds Indicators from ThreatConnect to the ArcSight Active Lists and removes them, ThreatConnect Playbook-based applications that add Indicators to and remove them from ArcSight Active Lists, and a set of ArcSight integration commands that allow the user to interact with ThreatConnect within the ArcSight Console application (e.g., retrieve Indicator details, report observations and false positives to ThreatConnect).

This version of the integration uses the ArcSight REST API to add Indicators from ThreatConnect to ArcSight ESM as well as to remove them. If you prefer to deploy Indicators via common event format (CEF)-formatted syslog, please use the CEF integration for Micro Focus ArcSight ESM.

 


 


ThreatConnect® is a registered trademark of ThreatConnect, Inc.
TC Exchange™ is a trademark of ThreatConnect, Inc.
Micro Focus® is a registered trademark of Micro Focus (IP) Ltd.
