ArcSight SOAR "from the ground up" Build Guide


This guide walks through adding SOAR to an existing ESM deployment. First, we’ll cover the ESM content that needs to be created. Next, we’ll install the ArcSight Platform “from the ground up” on nodes running a CentOS 7.9 Minimal installation. Then, we’ll configure SOAR using the Fusion interface and install the Forwarding Connector. Finally, we’ll configure SSO with Fusion and ESM. There’s also a troubleshooting section, as well as information on integrating SOAR with MITRE ATT&CK and MISP (Malware Information Sharing Platform).

An ARB file with the ArcSight ESM content referenced in this guide is available on the ArcSight Marketplace.

Contents

  • Description
  • ArcSight ESM Content
  • Install the ArcSight Platform
  • Configure SOAR
  • Install the Forwarding Connector
  • Troubleshooting
  • Enabling SSO with ESM
  • MITRE ATT&CK
  • MISP (Malware Information Sharing Platform)
  • Stopping and Starting the ArcSight Platform


https://marketplace.microfocus.com/arcsight/content/arcsight-esm-and-soar-integration-content

v1

  • Initial release

v1a

  • Added screenshot and information on multiple "Allowed IP Addresses"

v1b

  • Added details about deploying the Rule to the "Real-Time Rules" group
