I have taken over an Arcsight implementation with limited experience in the management of the backend. Most of the Connectors were set up before I got here. I have only had a hand in setting up a SEP and AIX connector, so no Windows connectors at this point. We currently have 6 Windows unified connectors set up to glean security log data only. In looking at the configuration wizard for these connectors, I'm a little confused about some of the parameters and what they are used for.
In part of the configuration, it asks for the Domain Name, Domain User Name, Domain User Password, Active Directory Server, Active Directory User Name, etc etc. When you get to the screen to add windows hosts, it also asks for the Domain Name, the Host Name, the User Name, and Password.
On our Connectors, we have a disparity going on between what's in these fields. For example, we have one connector that has a fqdn domain listed in the first Domain Name that isn't the domain that the host's are in with an account listed that doesn't even exist in that domain, but with an active directory server for that domain, and then it has no Domain Name listed in the Hosts table and no User Name, but it has a password listed. I checked, and we are definitely receiving security logs from this connector.
Then we have another connector that's set up with the first Domain Name as just the base name of the domain, but without the .com or anything, and it has the IP address listed as the Active Directory Server and a user name and password that is in that domain, and then there is no Domain Name listed in the Hosts table, but it does have the same user name and password that is on the first configuration page for the Smartconnector.
Then we have another one that have the fqdn, a proper Domain User Name and Password and the fqdn of the AD server with the same AD user name and password as the other one, but again no Domain Name, no User name, but does have a password defined.
Can someone tell me exactly what these fields are used for on Windows Unified connectors, and how they are supposed to be set up.