chris.lee@excer1 Absent Member.
Absent Member.

ArcSight Express distribution setup


currently we have 4 branch in different state which each branch are monitoring their own traffic with ArcSight Logger and ArcSight Express. and we are looking to centralize it by setting up a ArcSight Express at HQ.

  • we like to forward correlate log from each branch express to HQ centralize ArcSight Express.

Does this type of setup is recommended? anything that we need to take for consideration.

thank you.



Labels (1)
1 Reply
balahasan.v1 Acclaimed Contributor.
Acclaimed Contributor.

Re: ArcSight Express distribution setup

Hi Chris,

For that u need to deploy the Forwarding Connectors in ur Branch Locations and then u can configure to send/monitor anything happens in that branch setup.

Refer below:

For Latest ESM Release

And for ur Express and ESM Version, choose ur Forwarding Connector and check the Release notes for ur ArcSight Architecture Compatibility

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.