update an active list without flex connector or perl script
I want to update an active list which will get data from a URL. After clicking the URL the csv file auto downloads, and I want that to be read without the flex connector (permission and cost associated with it).
How can I do that? I have seen URL feature in integration command center from ESM, any idea / experience sharing would really help.
If it was me and based on what you stated above, I would write a python script to get the list from the web site (we do this for malicious lists) then use the archive utility to insert into the lists, or if you have an existing syslog, format the message in a CEF format and have a rule(s) do what you need by triggering on the new incoming events (tag the device name as something like CSV_Update01). One rule can also empty the lists first if you need a clean list each time.
I am not familiar with python. I got an old post on a python script, but then I need to know what is what in it. What is this archive utility that you are referring to? Using a cron job in any of the connector appliances, we can download that file at an interval, to my understanding. But how to read it without a flex connector? The file downloads as a csv, so that part is taken care of. I have a syslog connector, but will it be able to pull logs?
Oh, I thought you did not want to use a flex connector or any connector, and what you are talking about sounds like a web scrape or file download; either way Python (or Perl) can accomplish this. Some of the options I would try are creating an XML file for the data you download (again, another script) and importing it to the list.
Option 1: Script run on ArcSight manager to download or read file and put in XML format then run archive import to list.
The archive command is run from the manager bin directory but I run it from scripts, you can use a user who has rights to write to a group
so /opt/arcsight/manager/bin/scripts/..arcsight archive -i -u <username> -p <password> -m <manager host name> -f <archive file name> -uri "All <Resource name and group and resource name> ......
the -i is import.
Option 2: Script that reads in web file and writes using API to list
Option 3: Script that reads in web file and use ARCDT commands, which you can have it run against a SQL file and update the database, I would not use this one for persisting list data but in theory it could work.
Either way without a script and you want an automated way you will need a script.
Manually: you can easily just import a CSV file to a list as normal
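The syslog/CEF route suggested in the first reply, sketched in Python as an added example that is not part of the thread: it turns each CSV row into a CEF event tagged with the device name CSV_Update01 and can send it to a syslog connector over UDP. The CSV column names, the vendor/product strings, the cs1/cs2 field mapping, the syslog priority and the sample data are assumptions; the ESM rule that writes matching events into the active list is not shown.

```python
import csv
import io
import socket
import urllib.request

DEVICE_NAME = "CSV_Update01"  # device name tag suggested in the thread

# Constructed sample of the downloaded file; column names are assumptions.
SAMPLE_CSV = "indicator,category\n203.0.113.7,scanner\nbad=host.example,c2|proxy\n\n"


def fetch_csv(url, timeout=30):
    """Download the CSV body from the feed URL (what the cron job would do)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def _hdr(value):
    # CEF header fields: escape backslash and pipe.
    return value.replace("\\", "\\\\").replace("|", "\\|")


def _ext(value):
    # CEF extension values: escape backslash and '=', encode line breaks.
    value = value.replace("\\", "\\\\").replace("=", "\\=")
    return value.replace("\r", "\\r").replace("\n", "\\n")


def rows_to_cef(csv_text):
    """Return one CEF event string per non-empty CSV row."""
    header = "|".join(["CEF:0", _hdr("Custom"), _hdr("CSVFeed"), "1.0",
                       "100", _hdr("Active list update"), "1"])
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        indicator = (row.get("indicator") or "").strip()
        if not indicator:
            continue  # skip blank or malformed rows
        category = (row.get("category") or "").strip()
        ext = (f"dvchost={_ext(DEVICE_NAME)} "
               f"cs1Label=indicator cs1={_ext(indicator)} "
               f"cs2Label=category cs2={_ext(category)}")
        events.append(header + "|" + ext)
    return events


def send_syslog(events, host, port=514):
    """Send each event as a UDP syslog datagram (<134> = local0.info)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for event in events:
            sock.sendto(f"<134>{event}".encode("utf-8"), (host, port))


if __name__ == "__main__":
    for line in rows_to_cef(SAMPLE_CSV):
        print(line)
```

In use, the cron job would call `fetch_csv` on the feed URL, pass the result to `rows_to_cef`, and hand the events to `send_syslog` with the syslog connector's address.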