The currently deployed smart connector imports data from our MISP instance into the ESM. My question is whether we need to map additional data names in our ESM, as I believe those fields already exist within the ArcSight fields.
Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
The currently deployed smart connector imports data from our MISP instance into the ESM. My question is whether we need to map additional data names in our ESM, as I believe those fields already exist within the ArcSight fields.
Please look in the unobfuscated parser files that you can download from the SLD portal.
There's a folder called 'misp'. This is what the gtap connector uses.
You could try applying a parser override in the user/agent/fcp/misp to extract extra information.
However you may run into different issues as this is a model import connector and they work slightly differently to traditional smart connectors