www.hp.com © 2014 HP Confidential 1
Integrating ArcSight with
Enterprise Ticketing Systems
Dhiraj Sharan
Senior Software Engineer
Agenda
► Enterprise System Integration
•Options Available in the ArcSight Manager
► Enterprise Ticketing Integration deep dive:
Export to External System
•How Export to External System works
► Need for an Enterprise System Connector
► Case Study: ArcSight Remedy Connector
•Introduction to Remedy Action Request System
•Architecture of ArcSight Remedy Connector
•Mapping the Schema between Remedy and ArcSight
•Installation and Configuration
Options Available for Enterprise System Integration with the ArcSight Manager
1. Export to External System
•Export/import of XML files done by the Manager
2. Archive Tool
•Externally launched command line client to export/import XML files from the Manager
3. External Scripts
•Launch external scripts from Rule Actions or interactively from Console Tools
Options Available for Enterprise System Integration with the ArcSight Manager
4. SMTP
•Send email notifications from Rule Actions
5. SNMP
•Send SNMP traps from the Manager
6. Enterprise System Connector
•Native integration
Export to External System
Export to External System at the User Level
► Export to External System of Event
1. User Driven: right click on Event in Console
2. Automated: from Rule Action
► Export to External System of Case
3. User Driven: right click on Case in Console
4. Automated: via Case Search Group
1. User Driven
Export to External System of Event
Right click on Event in Console —> Export —> External Event Tracking System
2. Automated
Export to External System of Event
Automated Export to External System from Rule Action
3. User Driven
Export to External System of Case
Right click on Case —> Export —> External Event Tracking System
4. Automated
Export to External System of Case
Automated Export to External System from Case Search Group
server.properties
# ------------------------------------------------------------
# External Ticket System Configuration
# ------------------------------------------------------------
# Interval, in seconds, at which data should be exported
# to external trouble ticket systems.
external.export.interval=60
# The Case Search Group that should be used for automatically
# exporting events of cases that fall in the search criteria.
#external.export.querygroup.uri=/All Cases/All Cases/Export Cases
# Upper limit on number of cases to be exported from the query
# group in one export cycle.
external.export.querygroup.max=100
Tracking Event Exports via Cases
► Purpose: Audit Export to External System
► Case gets created behind the scenes in /All Cases/System Cases if the export was for an Event instead of a Case
•Export to External System from Console UI right click on an Event
•Export to External System from Rule Action
► So an umbrella Case is always there for ANY export
Export to External System: Export as XML File
► Periodic export/import every 60 seconds (default)
► Cases and their events are exported in archive XML format
► Archive file exported to archive/exports directory
―ExternalEventTrackingData_<timestamp>.xml
► Archive imports checked from archive/imports directory
―ExternalEventTrackingData_<timestamp>.xml
► DTDs of XML files available in schema/xml/archive directory on Manager
Agenda Refresher
► Enterprise System Integration
•Options Available in the ArcSight Manager
► Enterprise Ticketing Integration deep dive:
Export to External System
•How Export to External System works
► Need for an Enterprise System Connector
► Case Study: ArcSight Remedy Connector
•Introduction to Remedy Action Request System
•Architecture of ArcSight Remedy Connector
•Mapping the Schema between Remedy and ArcSight
•Installation and Configuration
Enterprise System Connector
Need for a Custom Connector
To link archive XML with External Ticketing System
[Diagram: ArcSight Manager -> Export to External System (common ArcSight standard for ticketing integration) -> Enterprise System Connector (custom connector for specific external ticketing systems) -> External Ticketing System]
ArcSight Remedy Connector
BMC Remedy Action Request System (ARS)
► ARS is an Application Builder but NOT an Application
► ARS builds Service Applications in a request-centric,
forms-driven, Workflow-based architecture
► ARS Integration Method
•Remedy ARS API library
•Remote API Protocol: Sun RPC
► Use Case for the current ArcSight Remedy Connector
•Use Remedy as a ticketing interface instead of ArcSight Cases
Case Study: ArcSight Remedy Connector
► ArcSight Remedy Connector is a broker between ArcSight Manager and Remedy ARS
•Remedy ARS server connection
―Uses Remedy ARS API library
―ARS API Protocol: Sun RPC
•ArcSight Manager connection
―Uses XML file based protocol from Export to External System feature
―Runs as a service on the ArcSight Manager machine
► Watches for manager exported files in archive/exports
► Parses Archive XML and prepares data to submit to Remedy form
► Near real-time data transfer (default 60 seconds)
Architecture: ArcSight Remedy Connector
[Diagram: the ArcSight Manager Server hosts both the ArcSight Manager and the ArcSight Remedy Connector, which exchange Archive XML files (export/import); the Connector talks to the Remedy ARS Server over the ARS RPC protocol; the Remedy ARS Server fronts the Remedy Web Server and Remedy Database and is used by the Remedy User and Remedy Administrator]
Versions and Platforms
► ArcSight Remedy Connector
•Current Release: 3.0.4
•Platforms: Windows, Solaris, Redhat Linux
► Supported ArcSight Manager Versions
•Same Connector supports Manager versions 2.5, 3.0, 3.5
•Connector independent of Manager versions as long as Archive XML schema remains same
► Supported Remedy ARS Versions
•Connector tested with Remedy ARS versions 5.1 to 6.3
•Future Remedy ARS versions maintain backward compatibility with Remedy ARS APIs used by Connector
Data Flow: ArcSight Remedy Connector
[Diagram: ArcSight Console -> ArcSight Manager -> ArcSight XML Archive -> ArcSight Remedy Connector -> Remedy ARS Server, with ticket data flowing back along the same path]
1. Manual or Automatic Export to External System of Cases and Events
2. Case and Event data exported to the XML file
3. Remedy Connector parses the XML data
4. Ticket created in Remedy
5. Remedy Ticket ID and Status reported back to the Remedy Connector
6. Remedy Ticket ID and Status put as Archive XML file for updates
7. Remedy Ticket ID and Status imported by the Manager
Two-way Integration
► Connector brings the Remedy Ticket Number back to ArcSight
•Stored in Case External ID attribute
► Connector tracks Remedy Ticket Status changes and brings the STATUS back to ArcSight
•Configure which Case attribute should hold Status
► Sends ticket number and status to the manager via XML file in archive/imports directory
► Other fields not synchronized in the current Connector Use Case
► Connector can be modified to synchronize other fields too since the Archive XML interface supports it
Defining the ArcSight Form in ARS
Mapping ArcSight Schema to Remedy Schema
► Remedy Schema
•Every Remedy App is Unique with its own fields
•Define Fields as per ArcSight Event Attributes desired
► ArcSight Schema
―Choose the ArcSight Event attributes to send to Remedy
► Mapping ArcSight and Remedy Schema
―Configured in config/arcremedyclient.properties in the Connector
► Note
• Only the chosen Event fields are transferred to Remedy
• Case fields are not transferred in the current Use Case
config/arcremedyclient.properties
# ------------------------------------------------------------
# Remedy field mappings for uplink (from arcsight to remedy)
# ------------------------------------------------------------
# Set the name of the remedy form the arcsight remedy client
# should submit event data to.
remedy.event.form=ArcSight Ticket
# Set the number of fields in the form
remedy.event.form.fields=3
# Set the remedy field names to arcsight attribute names mapping
remedy.event.form.field[0].name=TicketName
arcsight.event.attribute[0].name=name
remedy.event.form.field[1].name=IncidentTime
arcsight.event.attribute[1].name=endTime
remedy.event.form.field[2].name=ReportDevice
arcsight.event.attribute[2].name=deviceAddress
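As an added worked example (not HP/ArcSight code), the script below applies a mapping in the arcremedyclient.properties format to event data read from an archive-style XML export, the way the deck describes the Connector doing it, and then builds the ticket-number/status record that travels back through archive/imports. The XML element names, the import layout and the fake_submit() stand-in for the Remedy ARS API call are constructed assumptions; the real file layout is defined by the DTDs in schema/xml/archive on the Manager.

```python
"""Added example, not HP/ArcSight code: map ArcSight event attributes to Remedy
form fields as config/arcremedyclient.properties describes, then build the
ticket-id/status record the Connector hands back to the Manager for import.
ASSUMPTIONS: the XML element names and fake_submit() below are constructed;
the real archive layout comes from the DTDs in schema/xml/archive."""
import xml.etree.ElementTree as ET

# Mapping section in the format shown on the slide (uplink: ArcSight -> Remedy).
MAPPING_PROPERTIES = """
remedy.event.form=ArcSight Ticket
remedy.event.form.fields=3
remedy.event.form.field[0].name=TicketName
arcsight.event.attribute[0].name=name
remedy.event.form.field[1].name=IncidentTime
arcsight.event.attribute[1].name=endTime
remedy.event.form.field[2].name=ReportDevice
arcsight.event.attribute[2].name=deviceAddress
"""

# Constructed sample export (illustrative element names, not the real DTD).
SAMPLE_EXPORT_XML = """<archive>
  <Case id="CASE-1" name="Suspicious logins">
    <Event id="EV-100">
      <name>Multiple failed logins</name>
      <endTime>2014-05-01T10:15:00Z</endTime>
      <deviceAddress>10.0.0.5</deviceAddress>
      <priority>7</priority>
    </Event>
  </Case>
</archive>
"""


def parse_properties(text):
    """Minimal key=value properties reader; '#' lines are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def load_field_mapping(props):
    """Return {remedy_field: arcsight_attribute}, sized by remedy.event.form.fields.

    Pairs beyond the declared count are ignored and a missing pair raises KeyError,
    so a half-edited mapping fails loudly instead of silently dropping data."""
    count = int(props["remedy.event.form.fields"])
    return {
        props[f"remedy.event.form.field[{i}].name"]:
            props[f"arcsight.event.attribute[{i}].name"]
        for i in range(count)
    }


def events_from_export(xml_text):
    """Yield (case_id, event_id, {attribute: value}) for each exported event."""
    root = ET.fromstring(xml_text)
    for case in root.iter("Case"):
        for event in case.iter("Event"):
            attrs = {child.tag: (child.text or "").strip() for child in event}
            yield case.get("id"), event.get("id"), attrs


def to_remedy_entry(mapping, attrs):
    """Only mapped attributes cross to Remedy; unmapped ones (e.g. priority) stay home."""
    return {field: attrs.get(attr, "") for field, attr in mapping.items()}


def build_import_xml(records):
    """Constructed import layout: ticket number (Case External ID) plus status per Case."""
    root = ET.Element("archive")
    for rec in records:
        ET.SubElement(root, "Case", id=rec["caseId"],
                      externalId=rec["externalId"], status=rec["status"])
    return ET.tostring(root, encoding="unicode")


def process_export(xml_text, props_text, submit):
    """One export cycle: parse, map, submit each event, collect write-back records."""
    props = parse_properties(props_text)
    mapping = load_field_mapping(props)
    form = props["remedy.event.form"]
    records = []
    for case_id, _event_id, attrs in events_from_export(xml_text):
        ticket_id, status = submit(form, to_remedy_entry(mapping, attrs))
        records.append({"caseId": case_id, "externalId": ticket_id, "status": status})
    return records


def fake_submit(form, entry):
    """Stand-in for the Remedy ARS API call; returns a constructed ticket id and status."""
    assert form == "ArcSight Ticket" and entry["TicketName"]
    return "INC-000001", "New"


if __name__ == "__main__":
    print(build_import_xml(process_export(SAMPLE_EXPORT_XML, MAPPING_PROPERTIES, fake_submit)))
```

Because the Connector only forwards the attributes named in the mapping, the properties file doubles as the list of event data that leaves the Manager, which is the place to review before adding fields.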
Installation/Configuration
► Extract the ArcSightRemedyClient.3.0.4.zip file
► Running from command line:
•bin/arcremedyclient <params>
•Daemonized version: bin/arcremedyclientsvc <params>
► Parameters
•ArcSight Manager installation directory path, Remedy Username, Remedy Password, Remedy Servername, Remedy Port
Installation/Configuration
► Setup to run as a Service
•Windows
―bin/arcremedyclientsvc -i
•Solaris/Linux
―startup/solaris/runAsRoot -i
―/etc/init.d/arcremedyclient service configuration and startup script
► Set JAVA_HOME to use the ArcSight Manager’s JRE
► Schema mapping and other configuration
―config/arcremedyclient.properties
► Troubleshooting
―logs/arcremedy.log

More Related Content

Similar to Integrating ArcSight with Enterprise Ticketing Systems.ppt

ArcSight Management Center 2.1 Release Notes
ArcSight Management Center 2.1 Release NotesArcSight Management Center 2.1 Release Notes
ArcSight Management Center 2.1 Release Notes
Protect724mouni
 
Installation Guide for ESM 6.8c
Installation Guide for ESM 6.8cInstallation Guide for ESM 6.8c
Installation Guide for ESM 6.8c
Protect724migration
 
ESM Installation Guide (ESM v6.9.1c)
ESM Installation Guide (ESM v6.9.1c)ESM Installation Guide (ESM v6.9.1c)
ESM Installation Guide (ESM v6.9.1c)
Protect724tk
 
System Client Details
System Client DetailsSystem Client Details
System Client DetailsSyAM Software
 
Forwarding Connector 7.0.1.6992.0 User Guide for ESM 6.5c SP1
Forwarding Connector 7.0.1.6992.0 User Guide for ESM 6.5c SP1Forwarding Connector 7.0.1.6992.0 User Guide for ESM 6.5c SP1
Forwarding Connector 7.0.1.6992.0 User Guide for ESM 6.5c SP1
Protect724mouni
 
ESM_SCG_AdminSystem_6.9.0.pdf
ESM_SCG_AdminSystem_6.9.0.pdfESM_SCG_AdminSystem_6.9.0.pdf
ESM_SCG_AdminSystem_6.9.0.pdf
Protect724v2
 
Aci dp
Aci dpAci dp
Aci dp
Zchabar Jhie
 
Hyperledger Composer architecture
Hyperledger Composer architectureHyperledger Composer architecture
Hyperledger Composer architecture
Simon Stone
 
Upgrading50 sp1or50sp2tov5.2
Upgrading50 sp1or50sp2tov5.2Upgrading50 sp1or50sp2tov5.2
Upgrading50 sp1or50sp2tov5.2
Protect724
 
Forwarding Connector User;s Guide for 5.1.7.6151 and 6154
Forwarding Connector User;s Guide for 5.1.7.6151 and 6154Forwarding Connector User;s Guide for 5.1.7.6151 and 6154
Forwarding Connector User;s Guide for 5.1.7.6151 and 6154
Protect724
 
ArcSight Express 4.0 Virtual Appliance Guide
ArcSight Express 4.0 Virtual Appliance GuideArcSight Express 4.0 Virtual Appliance Guide
ArcSight Express 4.0 Virtual Appliance Guide
Protect724v2
 
ArcSight Administration and ArcSight System Standard Content Guide (ESM v6.9.1c)
ArcSight Administration and ArcSight System Standard Content Guide (ESM v6.9.1c)ArcSight Administration and ArcSight System Standard Content Guide (ESM v6.9.1c)
ArcSight Administration and ArcSight System Standard Content Guide (ESM v6.9.1c)
Protect724tk
 
ArcSight Actor Model Import Connector for Microsoft Active Directory Configur...
ArcSight Actor Model Import Connector for Microsoft Active Directory Configur...ArcSight Actor Model Import Connector for Microsoft Active Directory Configur...
ArcSight Actor Model Import Connector for Microsoft Active Directory Configur...
Protect724tk
 
Fwd conn configguide_5.1.7.6151_6154
Fwd conn configguide_5.1.7.6151_6154Fwd conn configguide_5.1.7.6151_6154
Fwd conn configguide_5.1.7.6151_6154
Protect724
 
Forwarding Connector Release Notes for version 6.0.4.6830.0
Forwarding Connector Release Notes for version 6.0.4.6830.0	Forwarding Connector Release Notes for version 6.0.4.6830.0
Forwarding Connector Release Notes for version 6.0.4.6830.0
Protect724migration
 
ArcSight Management Center Migration Guide
ArcSight Management Center Migration GuideArcSight Management Center Migration Guide
ArcSight Management Center Migration Guide
Protect724mouni
 
EMC SRM vs. Sentinel Navigator - Deep dive
EMC SRM vs. Sentinel Navigator - Deep diveEMC SRM vs. Sentinel Navigator - Deep dive
EMC SRM vs. Sentinel Navigator - Deep dive
sansentinel
 
FwdConn_ConfigGuide_7.1.3.7495.0.pdf
FwdConn_ConfigGuide_7.1.3.7495.0.pdfFwdConn_ConfigGuide_7.1.3.7495.0.pdf
FwdConn_ConfigGuide_7.1.3.7495.0.pdf
Protect724v2
 
ArcSight Connector Appliance v6.1 Release Notes
ArcSight Connector Appliance v6.1 Release NotesArcSight Connector Appliance v6.1 Release Notes
ArcSight Connector Appliance v6.1 Release Notes
Protect724tk
 
Network Setup Guide: Deploying Your Cloudian HyperStore Hybrid Storage Service
Network Setup Guide: Deploying Your Cloudian HyperStore Hybrid Storage ServiceNetwork Setup Guide: Deploying Your Cloudian HyperStore Hybrid Storage Service
Network Setup Guide: Deploying Your Cloudian HyperStore Hybrid Storage Service
Cloudian
 

Similar to Integrating ArcSight with Enterprise Ticketing Systems.ppt (20)

ArcSight Management Center 2.1 Release Notes
ArcSight Management Center 2.1 Release NotesArcSight Management Center 2.1 Release Notes
ArcSight Management Center 2.1 Release Notes
 
Installation Guide for ESM 6.8c
Installation Guide for ESM 6.8cInstallation Guide for ESM 6.8c
Installation Guide for ESM 6.8c
 
ESM Installation Guide (ESM v6.9.1c)
ESM Installation Guide (ESM v6.9.1c)ESM Installation Guide (ESM v6.9.1c)
ESM Installation Guide (ESM v6.9.1c)
 
System Client Details
System Client DetailsSystem Client Details
System Client Details
 
Forwarding Connector 7.0.1.6992.0 User Guide for ESM 6.5c SP1
Forwarding Connector 7.0.1.6992.0 User Guide for ESM 6.5c SP1Forwarding Connector 7.0.1.6992.0 User Guide for ESM 6.5c SP1
Forwarding Connector 7.0.1.6992.0 User Guide for ESM 6.5c SP1
 
ESM_SCG_AdminSystem_6.9.0.pdf
ESM_SCG_AdminSystem_6.9.0.pdfESM_SCG_AdminSystem_6.9.0.pdf
ESM_SCG_AdminSystem_6.9.0.pdf
 
Aci dp
Aci dpAci dp
Aci dp
 
Hyperledger Composer architecture
Hyperledger Composer architectureHyperledger Composer architecture
Hyperledger Composer architecture
 
Upgrading50 sp1or50sp2tov5.2
Upgrading50 sp1or50sp2tov5.2Upgrading50 sp1or50sp2tov5.2
Upgrading50 sp1or50sp2tov5.2
 
Forwarding Connector User;s Guide for 5.1.7.6151 and 6154
Forwarding Connector User;s Guide for 5.1.7.6151 and 6154Forwarding Connector User;s Guide for 5.1.7.6151 and 6154
Forwarding Connector User;s Guide for 5.1.7.6151 and 6154
 
ArcSight Express 4.0 Virtual Appliance Guide
ArcSight Express 4.0 Virtual Appliance GuideArcSight Express 4.0 Virtual Appliance Guide
ArcSight Express 4.0 Virtual Appliance Guide
 
ArcSight Administration and ArcSight System Standard Content Guide (ESM v6.9.1c)
ArcSight Administration and ArcSight System Standard Content Guide (ESM v6.9.1c)ArcSight Administration and ArcSight System Standard Content Guide (ESM v6.9.1c)
ArcSight Administration and ArcSight System Standard Content Guide (ESM v6.9.1c)
 
ArcSight Actor Model Import Connector for Microsoft Active Directory Configur...
ArcSight Actor Model Import Connector for Microsoft Active Directory Configur...ArcSight Actor Model Import Connector for Microsoft Active Directory Configur...
ArcSight Actor Model Import Connector for Microsoft Active Directory Configur...
 
Fwd conn configguide_5.1.7.6151_6154
Fwd conn configguide_5.1.7.6151_6154Fwd conn configguide_5.1.7.6151_6154
Fwd conn configguide_5.1.7.6151_6154
 
Forwarding Connector Release Notes for version 6.0.4.6830.0
Forwarding Connector Release Notes for version 6.0.4.6830.0	Forwarding Connector Release Notes for version 6.0.4.6830.0
Forwarding Connector Release Notes for version 6.0.4.6830.0
 
ArcSight Management Center Migration Guide
ArcSight Management Center Migration GuideArcSight Management Center Migration Guide
ArcSight Management Center Migration Guide
 
EMC SRM vs. Sentinel Navigator - Deep dive
EMC SRM vs. Sentinel Navigator - Deep diveEMC SRM vs. Sentinel Navigator - Deep dive
EMC SRM vs. Sentinel Navigator - Deep dive
 
FwdConn_ConfigGuide_7.1.3.7495.0.pdf
FwdConn_ConfigGuide_7.1.3.7495.0.pdfFwdConn_ConfigGuide_7.1.3.7495.0.pdf
FwdConn_ConfigGuide_7.1.3.7495.0.pdf
 
ArcSight Connector Appliance v6.1 Release Notes
ArcSight Connector Appliance v6.1 Release NotesArcSight Connector Appliance v6.1 Release Notes
ArcSight Connector Appliance v6.1 Release Notes
 
Network Setup Guide: Deploying Your Cloudian HyperStore Hybrid Storage Service
Network Setup Guide: Deploying Your Cloudian HyperStore Hybrid Storage ServiceNetwork Setup Guide: Deploying Your Cloudian HyperStore Hybrid Storage Service
Network Setup Guide: Deploying Your Cloudian HyperStore Hybrid Storage Service
 

Recently uploaded

By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 

Recently uploaded (20)

By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 

Integrating ArcSight with Enterprise Ticketing Systems.ppt

  • 1. www.hp.com © 2014 HP Confidential 1 Integrating ArcSight with Enterprise Ticketing Systems Dhiraj Sharan Senior Software Engineer
  • 2. www.hp.com © 2014 HP Confidential 2 Agenda ► Enterprise System Integration •Options Available in the ArcSight Manager ► Enterprise Ticketing Integration deep dive: Export to External System •How Export to External System works ► Need for an Enterprise System Connector ► Case Study: ArcSight Remedy Connector •Introduction to Remedy Action Request System •Architecture of ArcSight Remedy Connector •Mapping the Schema between Remedy and ArcSight •Installation and Configuration
  • 3. www.hp.com © 2014 HP Confidential 3 Options Available for Enterprise System Integration with the ArcSight Manager 1. Export to External System •Export/import of XML files done by the Manager 2. Archive Tool •Externally launched command line client to export/import XML files from the Manager 3. External Scripts •Launch external scripts from Rule Actions or interactively from Console Tools
  • 4. www.hp.com © 2014 HP Confidential 4 Options Available for Enterprise System Integration with the ArcSight Manager 4. SMTP •Send email notifications from Rule Actions 5. SNMP •Send SNMP traps from the Manager 6. Enterprise System Connector •Native integration
  • 6. www.hp.com © 2014 HP Confidential 6 Export to External System at the User Level ► Export to External System of Event ► Export to External System of Case 1. User Driven: right click on Event in Console 2. Automated: from Rule Action 3. User Drive: right click on Case in Console 4. Automated: via Case Search Group
  • 7. www.hp.com © 2014 HP Confidential 7 1. User Driven Export to External System of Event Right click on Event in Console —> Export —> External Event Tracking System
  • 8. www.hp.com © 2014 HP Confidential 8 2. Automated Export to External System of Event Automated Export to External System from Rule Action
  • 9. www.hp.com © 2014 HP Confidential 9 3. User Driven Export to External System of Case Right click on Case —> Export —> External Event Tracking System
  • 10. www.hp.com © 2014 HP Confidential 10 4. Automated Export to External System of Case Automated Export to External System from Case Search Group server.properties # ------------------------------------------------------------ # External Ticket System Configuration # ------------------------------------------------------------ # This configures in no. of seconds, data should be exported # to external trouble ticket systems. external.export.interval=60 # The Case Search Group that should be used for automatically # exporting events of cases that fall in the search criteria. #external.export.querygroup.uri=/All Cases/All Cases/Export Cases # Upper limit on number of cases to be exported from the query # group in one export cycle. external.export.querygroup.max=100
  • 11. www.hp.com © 2014 HP Confidential 11 Tracking Event Exports via Cases ► Purpose: Audit Export to External System ► Case gets created behind the scenes in /All Cases/System Cases if the export was for an Event instead of a Case •Export to External System from Console UI right click on an Event •Export to External System from Rule Action ► So umbrella Case always there for ANY export
  • 12. www.hp.com © 2014 HP Confidential 12 Export to External System: Export as XML File ► Periodic export/import every 60 seconds (default) ► Cases and their events are exported in archive XML format ► Archive file exported to archive/exports directory ―ExternalEventTrackingData_<timestamp>.xml ► Archive imports checked from archive/imports directory ―ExternalEventTrackingData_<timestamp>.xml ► DTDs of XML files available in schema/xml/archive directory on Manager
www.hp.com © 2014 HP Confidential 13
Agenda Refresher
► Enterprise System Integration
•Options Available in the ArcSight Manager
► Enterprise Ticketing Integration deep dive: Export to External System
•How Export to External System works
► Need for an Enterprise System Connector
► Case Study: ArcSight Remedy Connector
•Introduction to Remedy Action Request System
•Architecture of ArcSight Remedy Connector
•Mapping the Schema between Remedy and ArcSight
•Installation and Configuration
www.hp.com © 2014 HP Confidential 15
Need for a Custom Connector
To link archive XML with External Ticketing System
Diagram: ArcSight Manager —> Enterprise System Connector —> External Ticketing System. Export to External System is the common ArcSight standard for ticketing integration; the Enterprise System Connector is the custom connector for a specific external ticketing system.
www.hp.com © 2014 HP Confidential 17
BMC Remedy Action Request System (ARS)
► ARS is an Application Builder but NOT an Application
► ARS builds Service Applications in a request-centric, forms-driven, Workflow-based architecture
► ARS Integration Method
•Remedy ARS API library
•Remote API Protocol: Sun RPC
► Use Case for the current ArcSight Remedy Connector
•Use Remedy as a ticketing interface instead of ArcSight Cases
www.hp.com © 2014 HP Confidential 18
Case Study: ArcSight Remedy Connector
► ArcSight Remedy Connector is a broker between ArcSight Manager and Remedy ARS
•Remedy ARS server connection
―Uses Remedy ARS API library
―ARS API Protocol: Sun RPC
•ArcSight Manager connection
―Uses XML file based protocol from Export to External System feature
―Runs as a service on the ArcSight Manager machine
► Watches for Manager exported files in archive/exports
► Parses Archive XML and prepares data to submit to Remedy form
► Near real-time data transfer (default 60 seconds)
www.hp.com © 2014 HP Confidential 19
Architecture: ArcSight Remedy Connector
Diagram (ArcSight Remedy Connector Architecture): the ArcSight Manager Server hosts the ArcSight Manager and the ArcSight Remedy Connector, which exchange Archive XML files (export/import); the Connector talks to the Remedy ARS Server over the ARS RPC Protocol; the Remedy side consists of the Remedy ARS Server, Remedy Web Server and Remedy Database, used by the Remedy User and Remedy Administrator.
www.hp.com © 2014 HP Confidential 20
Versions and Platforms
► ArcSight Remedy Connector
•Current Release: 3.0.4
•Platforms: Windows, Solaris, Red Hat Linux
► Supported ArcSight Manager Versions
•Same Connector supports Manager versions 2.5, 3.0, 3.5
•Connector is independent of Manager versions as long as the Archive XML schema remains the same
► Supported Remedy ARS Versions
•Connector tested with Remedy ARS versions 5.1 to 6.3
•Future Remedy ARS versions maintain backward compatibility with the Remedy ARS APIs used by the Connector
www.hp.com © 2014 HP Confidential 21
Data Flow: ArcSight Remedy Connector
Diagram components: ArcSight Console™, ArcSight Manager, ArcSight XML Archive, ArcSight Remedy Connector, Remedy ARS Server
1. Manual or Automatic Export to External System of Cases and Events
2. Case and Event data exported to the XML file
3. Remedy Connector parses the XML data
4. Ticket created in Remedy
5. Remedy Ticket ID and Status reported back to the Remedy Connector
6. Remedy Ticket ID and Status put as Archive XML file for updates
7. Remedy Ticket ID and Status imported by the Manager
www.hp.com © 2014 HP Confidential 22
Two-way Integration
► Connector brings the Remedy Ticket Number back to ArcSight
•Stored in Case External ID attribute
► Connector tracks Remedy Ticket Status changes and brings the STATUS back to ArcSight
•Configure which Case attribute should hold Status
► Sends ticket number and status to the Manager via XML file in archive/imports directory
► Other fields not synchronized in the current Connector Use Case
► Connector can be modified to synchronize other fields too since the Archive XML interface supports it
www.hp.com © 2014 HP Confidential 23
Defining the ArcSight Form in ARS
www.hp.com © 2014 HP Confidential 24
Mapping ArcSight Schema to Remedy Schema
► Remedy Schema
•Every Remedy App is unique with its own fields
•Define Fields as per the ArcSight Event Attributes desired
► ArcSight Schema
―Choose the ArcSight Event attributes to send to Remedy
► Mapping ArcSight and Remedy Schema
―Configured in config/arcremedyclient.properties in the Connector
► Note
•Only the chosen Event fields are transferred to Remedy
•Case fields are not transferred in the current Use Case

  # ------------------------------------------------------------
  # Remedy field mappings for uplink (from arcsight to remedy)
  # ------------------------------------------------------------
  # Set the name of the remedy form the arcsight remedy client
  # should submit event data to.
  remedy.event.form=ArcSight Ticket

  # Set the number of fields in the form
  remedy.event.form.fields=3

  # Set the remedy field names to arcsight attribute names mapping
  remedy.event.form.field[0].name=TicketName
  arcsight.event.attribute[0].name=name
  remedy.event.form.field[1].name=IncidentTime
  arcsight.event.attribute[1].name=endTime
  remedy.event.form.field[2].name=ReportDevice
  arcsight.event.attribute[2].name=deviceAddress
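The following is an added worked example, not code from the slides or from the ArcSight Remedy Connector itself. It models the two configuration files shown on the export slide (server.properties: export interval, Case Search Group URI and per-cycle cap) and on this mapping slide (config/arcremedyclient.properties: indexed Remedy field to ArcSight attribute pairs), then projects constructed ArcSight events onto the Remedy form so that only the mapped attributes cross over. Assumptions, also marked in the code: the property excerpts and the sample events are constructed; the timestamp format inside ExternalEventTrackingData_<timestamp>.xml is assumed (the slides show only <timestamp>); cases beyond external.export.querygroup.max are assumed to wait for the next cycle; and an event attribute missing from an event is sent as an empty field rather than dropped, which is this example's choice.

```python
"""Added example: Export to External System settings and Remedy field mapping."""
import re
from datetime import datetime

# Constructed excerpt of server.properties (keys as shown on the slides).
SERVER_PROPERTIES = """
# External Ticket System Configuration
external.export.interval=60
#external.export.querygroup.uri=/All Cases/All Cases/Export Cases
external.export.querygroup.max=100
"""

# Constructed excerpt of config/arcremedyclient.properties (keys as shown on the slides).
CLIENT_PROPERTIES = """
remedy.event.form=ArcSight Ticket
remedy.event.form.fields=3
remedy.event.form.field[0].name=TicketName
arcsight.event.attribute[0].name=name
remedy.event.form.field[1].name=IncidentTime
arcsight.event.attribute[1].name=endTime
remedy.event.form.field[2].name=ReportDevice
arcsight.event.attribute[2].name=deviceAddress
"""


def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, key=value, whitespace trimmed."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def export_settings(props):
    """Return (interval_seconds, querygroup_uri_or_None, max_cases_per_cycle).

    A commented-out querygroup URI means automated Case export is off;
    Console right-click and Rule Action exports are not affected by it.
    """
    interval = int(props.get("external.export.interval", "60"))
    uri = props.get("external.export.querygroup.uri")
    cap = int(props.get("external.export.querygroup.max", "100"))
    return interval, uri, cap


def select_cases_for_cycle(matching_case_ids, cap):
    """Apply the per-cycle upper limit (assumption: the rest waits for the next cycle)."""
    return list(matching_case_ids[:cap]), list(matching_case_ids[cap:])


def export_filename(now):
    """Export/import file name; the timestamp layout is an assumption of this example."""
    return "ExternalEventTrackingData_%s.xml" % now.strftime("%Y%m%d%H%M%S")


def load_field_mapping(props):
    """Build the ordered (remedy_field, arcsight_attribute) list and validate the count."""
    form = props["remedy.event.form"]
    count = int(props["remedy.event.form.fields"])
    mapping = []
    for i in range(count):
        remedy_key = "remedy.event.form.field[%d].name" % i
        arcsight_key = "arcsight.event.attribute[%d].name" % i
        if remedy_key not in props or arcsight_key not in props:
            raise ValueError("incomplete mapping at index %d" % i)
        mapping.append((props[remedy_key], props[arcsight_key]))
    # Indexed entries at or beyond the declared count would never be read;
    # flag them so a stale remedy.event.form.fields value is caught early.
    for key in props:
        m = re.fullmatch(r"remedy\.event\.form\.field\[(\d+)\]\.name", key)
        if m and int(m.group(1)) >= count:
            raise ValueError("%s is beyond the declared %d fields" % (key, count))
    return form, mapping


def to_remedy_record(event, mapping):
    """Project one ArcSight event onto the Remedy form: only mapped attributes cross over."""
    # Example's choice: a missing attribute becomes an empty (None) field, not a dropped one.
    return {remedy_field: event.get(attribute) for remedy_field, attribute in mapping}


# Constructed ArcSight events; 'priority' shows that unmapped attributes stay behind.
SAMPLE_EVENTS = [
    {"name": "Failed login burst", "endTime": "2014-05-01T10:00:00Z",
     "deviceAddress": "10.0.0.5", "priority": 8},
    {"name": "Port scan", "endTime": "2014-05-01T10:01:00Z"},
]


def run_cycle(now=None):
    """One simulated cycle: read both property files, map the sample events."""
    now = now or datetime(2014, 5, 1, 10, 2, 0)  # constructed clock value
    interval, uri, cap = export_settings(parse_properties(SERVER_PROPERTIES))
    form, mapping = load_field_mapping(parse_properties(CLIENT_PROPERTIES))
    records = [to_remedy_record(e, mapping) for e in SAMPLE_EVENTS]
    return {"interval": interval, "querygroup_enabled": uri is not None, "cap": cap,
            "file": export_filename(now), "form": form, "records": records}


if __name__ == "__main__":
    import json
    print(json.dumps(run_cycle(), indent=2))
```

Run stand-alone it prints the settings read from the constructed server.properties (querygroup export disabled because the URI is commented out) and the two Remedy records for the "ArcSight Ticket" form, each carrying exactly the three mapped fields; the second record shows an empty ReportDevice because that event had no deviceAddress, which is the kind of gap a Remedy administrator will want to spot before going live.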
www.hp.com © 2014 HP Confidential 25
Installation/Configuration
► Extract the ArcSightRemedyClient.3.0.4.zip file
► Running from command line:
•bin/arcremedyclient <params>
•Daemonized version: bin/arcremedyclientsvc <params>
► Parameters
•ArcSight Manager installation directory path, Remedy Username, Remedy Password, Remedy Servername, Remedy Port
www.hp.com © 2014 HP Confidential 26
Installation/Configuration
► Set up to run as a Service
•Windows
―bin/arcremedyclientsvc -i
•Solaris/Linux
―startup/solaris/runAsRoot -i
―/etc/init.d/arcremedyclient service configuration and startup script
► Set JAVA_HOME to use the ArcSight Manager's JRE
► Schema mapping and other configuration
―config/arcremedyclient.properties
► Troubleshooting
―logs/arcremedy.log