ArcSight ESM 7 Patch2 - NULL values in Event Graph


Recently I have upgraded the ESM 7 Patch1 to ESM7 Patch2 in order to avoid a bug with NULL values in Bar Charts and Pie Charts detected in ArcSight Command Center.

After the upgrade and while I am trying to create "Event Graph" Data monitors I am observing several NULL values when choosing different fields.

For example:

- Filter with base events

-Source Node Identifier - AttackerGeoCountryName

-Event Node Identifier - categoryTechnique (NULL issue)

-Target Node Identifier - targetPort

Changes in Event Node Identifier:

DeviceEventClassId --> NULL

DeviceProduct --> NULL

Name --> OK / NOT NULL

So, may the issue related with the fact that the Event Graph accepts specific ArcSight fields and is not a bug? Is there a list with the fields that Event Graph accepts?

Just also to mention 2 things:

- All the fields populated normally in an Active Channel

- The issue is both on ArcSight Console and ArcSight Command Center




0 Replies
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.