Micro Focus ArcSight ESM - CEF Integration Installation and Configuration Guide
  • 10 Aug 2022

Article Summary

The ThreatConnect® integration package for Micro Focus® ArcSight Enterprise Security Management (ESM) - Common Event Format (CEF) allows ArcSight ESM users to interact with threat intelligence in ThreatConnect directly from the ArcSight Console. This integration has three main components: an automated ThreatConnect Job App to add and remove Indicators between ThreatConnect and the ArcSight Active Lists, ThreatConnect Playbook-based applications to add Indicators to and remove them from ArcSight Active Lists, and a set of ArcSight integration commands that allow users to interact with ThreatConnect using the ArcSight Console application (e.g., retrieve Indicator details, report observations and false positives to ThreatConnect).

This version of the integration uses CEF-formatted syslog to add Indicators from ThreatConnect to ArcSight ESM, as well as to remove them. If you prefer to deploy Indicators via the ArcSight ESM REST API, use the API integration for Micro Focus ArcSight ESM.

 


 


ThreatConnect® is a registered trademark of ThreatConnect, Inc.
TC Exchange™ is a trademark of ThreatConnect, Inc.
Java® is a registered trademark of the Oracle Corporation.
Micro Focus® is a registered trademark of Micro Focus (IP) Ltd.
Python® is a registered trademark of the Python Software Foundation.
