aaron.wayne@hpe1 Absent Member.

Have connector execute a script for payload

I have a working tool that I programmed that will pull the payload from our IDS; the current Smart Connector available does not send the payload data. I heard there was a way to do this. Is there an option in the Smart Connector configuration when installing to execute a script, or does a Flex Connector have this capability?

Thanks to all who reply.

jgruwell Absent Member.

Re: Have connector execute a script for payload

What IDS product are you using?

aaron.wayne@hpe1 Absent Member.

Re: Have connector execute a script for payload

I already have a script that pulls it; it's PAN, aka Palo Alto Networks. I just want all of this to be done on the connector rather than a tool. I know it can be done, just wondering if anyone has done this and can tell me how. Thanks.

balahasan.v1 Acclaimed Contributor.

Re: Have connector execute a script for payload

Hi Aaron,

There are three options for that:

1. Integration Commands.

2. CounterACT Connectors.

3. Enabling "Preserve Raw Log" in the Smart Connector, but it will take more memory.

aaron.wayne@hpe1 Absent Member.

Re: Have connector execute a script for payload

CounterACT Connectors seems like an interesting one. I already have the payload program as an ArcSight tool. How does this work? Does it download the pcap, and the payload tab is populated based on the pcap file being in a given directory on the manager or something?

I want the payload tab in ArcSight to populate on the fly with the event.

balahasan.v1 Acclaimed Contributor.

Re: Have connector execute a script for payload

Hi Aaron,

  • If your connector is a Flex Connector, then you need to check the field mapping. Otherwise, if it is a Smart Connector, you need to have an Extra Mapping file.
  • Is this payload data properly updated in the actual log file before processing is done by the connectors?
  • Have you checked with "Preserve Raw Log" in the Smart Connector to get the actual log file with payload?