Is there an automated way to create a list of all the content currently in ArcSight?

I am attempting to create a list of all the content currently listed in ArcSight. Is it at all possible to export the arb file and create a readable list?

  • Hi Lee,

    You can export all as a package.

    Cheers

    Gayan

  • Hi Gayan

    I know you can export as a package, which will produce an arb file. I was just wondering if there was a way to get the package into a list or csv.

    cheers

  • I've done this in a manual way by right-clicking the ARB and viewing all the resources. This brings up all the resources in the Viewer panel. From here I select all and copy and paste. From here, I did some manual work importing it into Excel and then doing some formatting. This is not automated, but it is something I have done to build an Excel spreadsheet with a list of all the default content. Perhaps you've tried this already. I'm sure there's an easier way...

  • Hi Lee,

    I guess you can achieve this through the API. But you may need to do some homework for that.

    Cheers

    Gayan

  • Hi Lee,

    I once ran into a similar problem when I tried to retrieve the email addresses from ArcSight users on my ESM. I ended up with a bash script running on the ESM that queries the system table DB. For your purposes your query could look like this:

    /opt/arcsight/logger/current/arcsight/bin/mysql -u arcsight -B -e "SELECT arc_resource.id AS Resource_ID,arc_resource_ref.uri AS Resource_URI FROM arcsight.arc_resource, arcsight.arc_resource_ref WHERE arc_resource.id = arc_resource_ref.id AND arc_resource_ref.uri RLIKE 'All Filters|All Rules|All Queries';" > /target/path/for/output/list.txt

    This would give you a file with resource ID and complete resource URI. Using RLIKE you can specify the types of resources you wish to see listed based on the top folder name, separated by '|'. Without this every resource will end up in the output file, including resources that don't show up in the Console, i.e. Database Table Schemas or Instruments.

    Note that I don't specify the password for the DB user. Instead, the user has its own my.cnf with the password specified in it so there will be no prompting for a password. This way the script can run automatically using a CRON job.

    Cheers

    Christian
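
Added example, not part of Christian's post or any ArcSight tooling: a post-processing step that turns the tab-separated list from the query above into the CSV the question asks for, plus a check that the MySQL option file holding the password is readable by its owner only. The function names, the sample IDs and URIs, and the assumption that `mysql -B` wrote a header line followed by ID and URI columns are all illustrative.

```shell
#!/usr/bin/env bash
# Added example. Assumes the two-column, tab-separated output (with header line)
# that `mysql -B` writes for the query in the post above.

# Return 0 only if the MySQL option file (it holds the DB password) has no
# group/other permission bits set; return 2 if the file does not exist.
optfile_is_private() {
    [ -f "$1" ] || return 2
    local perms
    perms=$(ls -ld "$1" | cut -c5-10)   # e.g. "-rw-------" -> "------"
    [ "$perms" = "------" ]
}

# Read the TSV on stdin and write CSV with a leading Resource_Type column taken
# from the top folder of the URI ("/All Rules/..." -> "Rules").
tsv_to_csv() {
    awk -F '\t' '
        function q(s) { gsub(/"/, "\"\"", s); return "\"" s "\"" }
        NR == 1 { print "Resource_Type,Resource_ID,Resource_URI"; next }
        NF >= 2 {
            split($2, part, "/")
            rtype = part[2]
            sub(/^All /, "", rtype)
            print q(rtype) "," q($1) "," q($2)
        }
    '
}

# Constructed sample rows (IDs and URIs are made up for illustration).
sample=$(printf 'Resource_ID\tResource_URI\n%s\t%s\n%s\t%s\n' \
    'ID-0001' '/All Filters/Example/Failed "Admin" Logins' \
    'ID-0002' '/All Rules/Example/Brute Force')
printf '%s\n' "$sample" | tsv_to_csv
```

In a cron-driven script, calling `optfile_is_private` on the option file before running the query lets the job stop if the password file has become group- or world-accessible.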