Configure HP ArcSight Event Forwarding

HP ArcSight™ is a security management application that combines event correlation and security analytics to identify and prioritize threats. A dedicated ArcSight connector using CEF format is available in BeyondInsight.

Use the connector over Syslog.

  1. In the BeyondInsight Console, go to Configuration > General > Connectors.
  2. In the Connectors pane, click Create New Connector.
  3. Enter a name for the connector.
  1. Select HP ArcSight Event Forwarding from the Connector Type list.
  2. Click Create Connector.
  3. Leave Active (yes) enabled.
  4. Provide the required details for your ArcSight server:
    • Select the protocol from the Available Output Pipelines list: TCP, TCP-SSL, or UDP.
    • Enter Host Name and Port.
  5. Expand Event Filters, and then select the events that you want to forward.
  6. Click Test Connector to send a test event message.
  7. Click Create Connector.

If an event is received from Password Safe Cloud, a Resource Zone can now be associated with any connector that sends data using syslog. If selected, Password Safe Cloud proxies the syslog data through the Resource Brokers associated with that Resource Zone.