ArcSight Smart Connectore for Ironport Email secuirty
I am new to ArcSight connector installation and I am trying to install a smart connector for Ironport email security appliance. I have read the configuration guide and installed a connector. The problem I am having is mapping the data into ESM fields. All the logs from the log file are coming under "Messages" but I need every field under Device Custom Strings/Number.
There was a nice demo at HP Protect using the flex connector to combine multiple logs to a single log. As you know Ironport ESA has 5-10 logs messages you have to parse through to see what happened, with the flex connector you can merge the log records into a single log.