idrammeh Absent Member.
Absent Member.
3496 views

ArcSightCategorizationWhitePaper.pdf

This document describes ArcSight event categorization from a technical perspective.  It is meant for anyone who needs to understand ArcSight's categorization schema.

12 Replies
MylesPowers1 Absent Member.
Absent Member.

Re: ArcSightCategorizationWhitePaper.pdf

Thankyou...a needed document.

0 Likes
vip
New Member.

Re: ArcSightCategorizationWhitePaper.pdf

It was very hard to find this documentation which is a MUST ! Could you please add the tags event and categorization ? It is said in the "6.0c ESM Console UserGuide" that you have to come to the forum and search for "ArcSight Event Categorization" to find this document, but it does not work because the correct tags are not in place. The PDF document should probably also be renamed to "ArcSight Categorization White Paper.pdf" (with spaces) so that it appears at the top of the search.

0 Likes
Samour Absent Member.
Absent Member.

Re: ArcSightCategorizationWhitePaper.pdf

Hi,

Is there a new version of this document available?

0 Likes
idrammeh Absent Member.
Absent Member.

Re: ArcSightCategorizationWhitePaper.pdf

Hi Samer,

This version is the latest one available for GA.  Please let me know if you have any question not answered in the doc.

Thanks

Issa

0 Likes
idrammeh Absent Member.
Absent Member.

Re: ArcSightCategorizationWhitePaper.pdf

Good point. I will look into that.

Thanks

Issa

0 Likes
Established Member.. MikeP
Established Member..

Re: ArcSightCategorizationWhitePaper.pdf

Hi Issa,

Can you confirm this is still the correct location?
user/content/agent/acp/categorization/current/.csv

There is a 'user/agent/acp/categorizer' directory, but no content, nor a categorization directory on the 6.0.7 connector.

Thanks, Mike

0 Likes
Highlighted
vip
New Member.

Re: ArcSightCategorizationWhitePaper.pdf

I don't know if it has changed but for agents below 6.0.7, the "content/" part of the path is indeed incorrect in this documentation.

0 Likes
idrammeh Absent Member.
Absent Member.

Re: ArcSightCategorizationWhitePaper.pdf

Hi Michael,

That path is actually incorrect. It should be user/agent/acp/categorizer.  I will have that updated.  This directory is where you put a categorization file if you want to override the one that comes with the connector.  Unless you have some categorization you want to override, it will be empty.

Please let me know if this did not answer your question or if you have other.

Thanks

Issa

0 Likes
idrammeh Absent Member.
Absent Member.

Re: ArcSightCategorizationWhitePaper.pdf

I have added tags for this document and i hope it is easier to find now.  Please let me know if it is not.

0 Likes
idrammeh Absent Member.
Absent Member.

Re: ArcSightCategorizationWhitePaper.pdf

Hi Micheal,

I have updated the document and removed the mistake about the path.  Sorry for any inconvenience.

Thanks

Issa

0 Likes
Samour Absent Member.
Absent Member.

Re: ArcSightCategorizationWhitePaper.pdf

Any update to this document?

Has been over 2.5 years since last update

0 Likes
ianfitz Outstanding Contributor.
Outstanding Contributor.

Re: ArcSightCategorizationWhitePaper.pdf

Also, next release, can you also make sure you remove words like "Confidential" from the headers, if indeed it will be posted publicly on Protect (and hence not really Confidential)?

Thanks!

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.