ArcSight Express distribution setup
Currently we have 4 branches in different states, and each branch monitors its own traffic with ArcSight Logger and ArcSight Express. We are looking to centralize this by setting up an ArcSight Express at HQ.
- We would like to forward correlated logs from each branch Express to the centralized ArcSight Express at HQ.
Is this type of setup recommended? Is there anything that we need to take into consideration?
Re: ArcSight Express distribution setup
For that you need to deploy the Forwarding Connectors in your branch locations, and then you can configure them to send/monitor anything that happens in that branch setup.
For Latest ESM Release
And for your Express and ESM version, choose your Forwarding Connector and check the release notes for your ArcSight architecture compatibility.