Custom integrations or scripts - APIs for ArcSight ESM and ArcSight Logger

In the upcoming weeks I will be releasing a lot of new things to help people use and understand the APIs available for ArcSight ESM and ArcSight Logger. After that I would like to create some new custom functionality and scripts that the community can enjoy. The only issue is that it would not really be efficient to create something that no one would want to use.

Please let me know if there is any custom work that you would love to see when it comes to interaction with these two products. All will be released on GitHub in case people would like to make their own changes and tweaks, together with proper documentation and commented code for learning purposes.

Any type of request is appreciated, and the only requirement is that it is not related to a product that is behind a license wall, as I would not be able to test it or access API documentation for the product.

A few examples of requests that I can think of:

1. Slack or messaging notifications. Being able to create a rule action that notifies your Slack channel when an alert happens.

2. Open source threat intelligence framework. Scripts that retrieve threat intelligence sources from a large number of open source feeds, being able to choose which ones you want to use, and feeding it to ESM through a syslog connector.

3. Logger interaction script. Something that you can run manually to, for example, return the results of a query in the CLI. Could also be scheduled to create scheduled exports of certain queries.

UPDATE:

First version of Request Tracker integration with ESM has been released: 

https://community.softwaregrp.com/t5/ArcSight-User-Discussions/Unofficial-ESM-Request-Tracker-RT-Ticketing-Integration-released/td-p/1672538

First version of the ArcSight Logger API documentation + examples:

https://community.softwaregrp.com/t5/ArcSight-User-Discussions/Unofficial-API-documentation-and-examples-Part-1-3-ArcSight/td-p/1674083

 

Comments

Hello Marius, 

Thank you very much for your efforts into developing API examples. Are you planning to release API examples for ESM as well? 

Best regards, 

Aneesh Salimkumar

Last update: 2018-12-19 09:38