Given search parameters stored within an XML structure, how does one go about ingesting saved searches [Not events] into ArcSight ESM?
I am trying to help out a colleague of mine by making it simpler to automatically ingest the many potent saved searches / correlations that I have developed to guard over my enterprise environment.
I’d like to develop an XML parser to MySQL translator that can update the requisite database(s) accordingly. My problem is that I don’t know ArcSight’s ‘insides’ well enough (e.g., which database(s), SQL statements or stored procedures to interface with). If anyone can please tell me the pieces, I can write the software to make it work. I am most happy to share the finished product with the group! Thanks in advance for sharing your expertise.