What is the best way to fetch raw events based on specific criteria (event IDs and time duration) from ArcSight ESM using the API?
We would like to fetch logs of certain recent events from ArcSight ESM within a time duration, say the most recent hour. Based on our research, it looks like there is no way to send a time duration within the web services API call. Has anyone tried this?
The idea is to create the Query Viewer service to look at the last hour's information and get the associated events. Any insights on this?