Summary
By default, ESM has a "local" network for private addresses. When importing duplicate IP addresses using the Asset Model Import FlexConnector, you need to create multiple Networks and Zones in advance.
Products
ArcSight Enterprise Security Manager (ESM)
Environment
Asset Model Import FlexConnector - All versions
Situation
When the Asset Model Import FlexConnector imports assets with duplicate IP addresses across groups, as in the example below,
one of the assets will be broken if more than one asset has the same IP address, even if the ParentGroupURI is different.
1. All Assets/TestA/asset_1 (IP: 192.168.1.2)
2. All Assets/TestB/asset_2 (IP: 192.168.1.2) (Note: this new asset could not be added from the Asset Model Import FlexConnector)
Cause
The address ranges of zones in the same network cannot overlap.
Any given IP address is contained within the address range of at most one zone in that network.
However, by default ESM has a "local" network for private addresses.
Resolution
If the address ranges of zones in the same network (in this case "local") overlap,
create multiple networks and assign the zones to them in advance.
For example, create two networks, NetworkA and NetworkB,
assign ZoneA (IP range: 192.168.0.0 - 192.168.255.255) to NetworkA
and ZoneB (IP range: 192.168.0.0 - 192.168.255.255) to NetworkB.
Then import asset_1 into ZoneA and asset_2 into ZoneB.
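A pre-import check for the layout described above, as an added example that is not ArcSight tooling and does not read ESM or the connector's input file. The tuples, function names and problem labels are constructed for illustration, and zone names are assumed to be unique across networks.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample plan mirroring the resolution above: (network, zone, first IP, last IP)
ZONES = [("NetworkA", "ZoneA", "192.168.0.0", "192.168.255.255"),
         ("NetworkB", "ZoneB", "192.168.0.0", "192.168.255.255")]
# Constructed planned assets: (asset URI, IP address, target zone)
ASSETS = [("All Assets/TestA/asset_1", "192.168.1.2", "ZoneA"),
          ("All Assets/TestB/asset_2", "192.168.1.2", "ZoneB")]

def overlapping_zones(zones):
    """Return (network, zone, zone) for zones in one network whose ranges overlap."""
    by_net = defaultdict(list)
    for net, zone, lo, hi in zones:
        by_net[net].append((int(ip_address(lo)), int(ip_address(hi)), zone))
    clashes = []
    for net, ranges in by_net.items():
        max_hi, widest = -1, None  # highest end address seen so far and its zone
        for lo, hi, zone in sorted(ranges):
            if widest is not None and lo <= max_hi:
                clashes.append((net, widest, zone))
            if hi > max_hi:
                max_hi, widest = hi, zone
    return clashes

def import_conflicts(zones, assets):
    """Return planned assets that cannot be placed cleanly: unknown zone, IP outside
    the zone range, or the same IP planned more than once inside one network."""
    info = {zone: (net, ip_address(lo), ip_address(hi)) for net, zone, lo, hi in zones}
    planned = defaultdict(list)
    problems = []
    for uri, ip, zone in assets:
        if zone not in info:
            problems.append(("zone-missing", zone, ip, [uri]))
            continue
        net, lo, hi = info[zone]
        if not lo <= ip_address(ip) <= hi:
            problems.append(("ip-outside-zone", zone, ip, [uri]))
            continue
        planned[(net, ip)].append(uri)
    for (net, ip), uris in planned.items():
        if len(uris) > 1:
            problems.append(("duplicate-ip", net, ip, uris))
    return problems

if __name__ == "__main__":
    print(overlapping_zones(ZONES) or "no overlapping zones")
    print(import_conflicts(ZONES, ASSETS) or "no import conflicts")
```

Both functions return empty lists for the NetworkA/NetworkB plan; placing both assets in one zone of a single network yields a `duplicate-ip` entry.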
Additional Information
In the case of duplicate asset names, the assets can be created using the ArcSight Console,
but only one of them is imported from the Asset Model Import FlexConnector.
URL Name
KM000009425