The content for ArcSight ESM has been moved to the ArcSight Marketplace: ArcSight ESM and SOAR Integration Content
ArcSight SOAR "from the ground up" Build Guide
This guide walks through adding SOAR to an existing ESM deployment. First, we’ll cover the ESM content that needs to be created. Next, we’ll install the ArcSight Platform “from the ground up” on nodes running a CentOS 7.9 Minimal installation. Then, we’ll configure SOAR using the Fusion interface and install the Forwarding Connector. Finally, we’ll configure SSO with Fusion and ESM. There’s also a troubleshooting section, as well as information on integrating SOAR with MITRE ATT&CK and MISP (Malware Information Sharing Platform).
An ARB file with the ArcSight ESM content referenced in this guide is available on the ArcSight Marketplace.
I know it's not relevant to this guide, but for BIND, I would put those files you put in /etc/named into /var/named. I know for SELinux and permissions, it can cause problems to use /etc/named.
I have attached "ArcSight_SOAR_Build_Guide_Content.7z", which contains an ARB file with the ArcSight ESM content referenced in this guide, as well as the YAML file used for this deployment scenario.
The PDF has been updated with CyberRes branding.