Commander
531 views

Dashboard SOC on Command Center

Hi,

What should I configure in the ArcSight Console to set up the correct location on the SOC dashboard in Command Center? The proper locations I set up are UK and POLAND; look below.

SOC.jpg

regards

Robert

0 Likes
4 Replies
Micro Focus Expert

Hi Robert,

Thanks for your post.

The "node" location positioned off the west coast of Africa is the "default" for events that have source/destination locations that are essentially "unknown".

If the source and destination for events are for geolocations that are known, then these will be mapped using the geo-location data shipped with ESM and updated periodically through patches and context updates.

The ArcSight Command Center User Guide shows the following on p31:

The events must come from external addresses with genuine geographic locations in
order for the SOC Manager to display the paths accordingly.

If there are IP addresses which are private addresses that are internal to your own networks, then the location data will depend upon your network model. If you configure your network model and within that data you specify the location of networks and/or assets, then that will be translated onto the SOC View map.

For more information on the setup and configuration of the network and asset model, please take a look at the following references:

ArcSight ESM Console User Guide - Ch5 Modeling the Network
ArcSight 101 - Ch 12 The Network Model

I hope that this helps,

Best regards,

Darren

ArcSight Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
0 Likes
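
The lookup order described in the reply above, as an added example that is not part of the original thread and is not ArcSight code: a simplified triage script that predicts which event addresses would end up on the default "unknown" node. The zone names, address ranges and coordinates are constructed sample values, and checking the network model before geo-IP data is an assumption of this sketch.

```python
import ipaddress

# Constructed sample network model (not exported from ESM):
# zone name, start/end of the address range, optional (label, lat, long).
ZONES = [
    {"name": "UK-Office", "start": "10.10.0.0", "end": "10.10.255.255",
     "location": ("UK", 51.5074, -0.1278)},
    {"name": "PL-Office", "start": "10.20.0.0", "end": "10.20.255.255",
     "location": ("Poland", 52.2297, 21.0122)},
    {"name": "Lab", "start": "192.168.50.0", "end": "192.168.50.255",
     "location": None},  # zone exists but nobody set a location on it
]

def find_zone(ip, zones):
    """Return the first zone whose range contains ip, or None."""
    for zone in zones:
        start = ipaddress.ip_address(zone["start"])
        end = ipaddress.ip_address(zone["end"])
        # IPv4 and IPv6 addresses cannot be ordered against each other.
        if ip.version == start.version and start <= ip <= end:
            return zone
    return None

def classify(addr, zones=ZONES):
    """Return (source_of_location, detail) for one event address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return ("unknown", "not a valid IP address")
    zone = find_zone(ip, zones)
    if zone and zone["location"]:
        return ("network-model", zone["name"])
    if ip.is_global:
        return ("geo-ip", "external address, geolocation data applies")
    if zone:
        return ("unknown", f"zone {zone['name']} has no location set")
    return ("unknown", "internal address not covered by any zone")

def unplaced(addresses, zones=ZONES):
    """Addresses that would be drawn at the default 'unknown' node."""
    return [a for a in addresses if classify(a, zones)[0] == "unknown"]

if __name__ == "__main__":
    # Constructed sample of source/destination addresses from events.
    sample = ["10.10.4.7", "10.20.1.15", "192.168.50.9",
              "172.16.3.3", "8.8.8.8", "n/a"]
    for a in sample:
        print(a, *classify(a))
```
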
Commander

Hi Darren,

Thanks for the reply.

Below is my network model config. Can you look and say what is wrong?

1.JPG 2.JPG

3.JPG

regards

Robert

0 Likes
Micro Focus Expert

Hi Robert,

Based upon the screenshots, the settings look good. For events that are being ingested by your ESM to pick up this information, they will need to match into the network model. It could be worth checking that the connectors from where you receive the events are assigned to the network(s) of interest (see the "Connectors" tab within the network object). If they are not, then they may fall through to the Local network instead.

If you have any "Customer" resources created, I believe you will also need to ensure that the connectors of interest have their Customer URI set to ensure that the incoming events are "plugged into" the network and asset model you have created.  You can see that from the connector's "Default" tab under the subsection "Network".

Hope this helps,

Best regards,

Darren

ArcSight Support
0 Likes
Commodore

I believe that you need to set the lat/long of the connector that is ingesting those events; then you can do all the fancy geo charts.

0 Likes