Please let me know do we have a smart connector for "bluVector" and "Centripetal", We are in need of integrating it to Arcsight Express.
Thanks in advance.
good places to look and for reference
The first port to check these things should always be the vendor themselves. This will fill in a lot of the gaps around what, how and where and is usually more accurate than anything else. We have a number of initiatives in place, such as CEF that we can provide support around. Vendors can choose to support CEF, certify to CEF or help us to produce a standard supported connector - there are varying efforts involved, but the deal is pretty obvious.
More and more, third-parties are going down the CEF route as its easier, simpler and less prone to errors (on all sides). In the case of these two sources, it seems that Centripetal DOES do CEF:
In this case, follow up with them directly on how you configure their tool to generate CEF data. To receive CEF data, just use your Syslog SmartConnector.
For BluVector, this doesnt currently appear as a CEF supported source or as one that we directly support. In that case, I would look at getting a FlexConnector created for it. This will take a little planning but does not need to take that much effort to do. Steps would be around the following:
1) Check with BluVector what protocol they use and if they can tell you what the format is - for example Syslog, file etc
2) Check out the FlexConnector guide for some background on how to do this - ArcSight FlexConnector Developer's Guide
4) Any issues, drop a note back here and I am sure someone will help.