Activate and configure HPE ArcSight Logger - Incident Enrichment integration

The Integration Configuration feature allows you to quickly activate and set up third-party security integrations, including HPE ArcSight Logger - Incident Enrichment integration.

Before you begin

Role required: sn_si_admin
Note: This procedure can be used to activate the plugin and configure the integration. You can also activate the plugin using the traditional method.

Procedure

  1. Navigate to Security Operations > Integrations > Integration Configurations.
    The available security integrations appear as a series of cards.
  2. In the HPE ArcSight Logger - Incident Enrichment card, click Install Plugin.
  3. In the Install HPE ArcSight Logger - Incident Enrichment integration dialog box, review the plugin details and click Activate.
  4. When the activation is complete, click Close & Reload Form.
    The Security Integration screen reloads and the Configure button for the integration is available.
  5. Click Configure.
  6. Enter the ArcSight Logger API URL you acquired from the HPE Security ArcSight Logger site.
  7. [Optional] Enter the Link URL - links to an ArcSight Logger search interface, when available.
  8. Enter your HPE ArcSight Logger Username.
  9. Enter your HPE ArcSight Logger Password.
  10. Enter the Max Rows - the maximum number of rows you want to search.
  11. Enter the Earliest Result (days) - the earliest results you want to see in number of days.
  12. [Optional] Check All Peers - The default is unchecked and searches only the local logger you are connected to. When checked, it searches all the loggers that are connected to one another.
    Note: To search all peers, you must have credentials with permissions for each logger queried.
  13. Click Submit.
    You are returned to the Security Integrations screen. You are ready to use the HPE ArcSight Logger - Incident Enrichment integration.