Commodore
Commodore
469 views

update an active list withput flex connector or perl script

I want to update an active list which will get data from a URL- after clicking the URL the csv file auto downloads and I want that to be read with out the flex connector (permission and cost associate with it)

How can I do that? I have seen URL feature in integration command center from ESM, any idea /  experience sharing would really help.

Thank you

Labels (4)
0 Likes
3 Replies
Lieutenant Commander
Lieutenant Commander

If it was me and based on what you stated above, I would write a python script to get the list from the web site (we do this for malleolus lists) then use the archive utility to insert into the lists or if you have a existing syslog, format the message if a CEF format and have a rule(s) do you what you need by triggering on the new incoming events (tag the device name as something like CSV_Update01) one rule can also empty the lists first if you need a clean list each time.

0 Likes
Commodore
Commodore

I am not familiar with python, I got a old post on python script but then, I need to know what is what in it. What is this archive utility that you are referring? using a corn job simply in any of the connector appliance, we can download that file in a interval, to my understanding. But how to read it with out flex connector? the file downloads as a csv, so that part is taken care of. I have syslog connector, but will it able to pull log?

0 Likes
Lieutenant Commander
Lieutenant Commander

Oh I thought you did not want to use a flex connector and any connector.  and what you talking about sounds like a web scrap or file download, either way Python (or Perl) can accomplish this.   some of the options I would try are creating a xml file for the data you download, again another script and importing to the list

Option 1: Script run on ArcSight manager to download or read file and put in XML format then run archive import to list.

The archive command is run from the manager bin directory but I run it from scripts, you can use a user who has rights to write to a group

so /opt/arcsight/manager/bin/scripts/..arcsight archive -i -u <username> -p <password> -m <manager host name> -f <archive file name> -uri "All <Resource name and group and resource name> ......

the -i is import.

Option 2: Script that reads in web file and writes using API to list

Option 3: Script that reads in web file and use ARCDT commands, which you can have it run against a SQL file and update the database, I would not use this one for persisting list data but in theory it could work.

Either way without a script and you want a automated way you will need a script.

Manually:  you can easily just import a CSV file to a list as normal

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.