Custom integrations or scripts - API's for ArcSight ESM and ArcSight Logger
The upcoming weeks i will be releasing a lot of new things to help people use and understand the API's available for ArcSight ESM and ArcSight Logger, after that i would like to create some new custom functionality and scripts that the community can enjoy, the only issue is that it would not really be efficient to create something that no one would want to use.
Please let me know if there is any custom work that you would love to see when it comes to interaction with these two products. All will be released on github in case people would like to make their own changes and tweaks, together with proper documentation and commented code for learning purposes.
Any type of request is appreciated, and the only requirement is that it is not related to a product that is behind a license wall as i would not be able to test it or access API documentation to the product.
A few examples of requests that i can think off:
1. Slack or messaging notifications. Being able to create a rule action that notifies your slack channel when an alert happens.
2. Open Source threat intelligence framework, scripts that retrieve threat intelligence sources from a large amount of open source feeds, being able to choose which ones you want to use, and feeding it to ESM through a syslog connector.
3. Logger interaction script. Something that you can manually run to for example return the results of a query in CLI. Could also be scheduled to create scheduled exports of certain queries.
First version of Request Tracker integration with ESM has been released:
First version of the ArcSight Logger API documentation + examples:
To see all comments and members' feedback, please see discussion here.