cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

integration of ATA with Arcsight SIEM

walid hegazy
Copper Contributor

‎Jan 22 2019 09:36 PM - last edited on ‎Nov 30 2021 10:06 AM by

‎Jan 22 2019 09:36 PM - last edited on ‎Nov 30 2021 10:06 AM by

integration of ATA with Arcsight SIEM

We have configured all the settings to forward events through Syslog through port 514 and network access is also verified. But the events are not  forwarding  to arcsight SIEM.

1,716 Views
0 Likes
2 Replies
Reply
2 Replies
Eli Ofek

‎Jan 23 2019 05:37 AM

‎Jan 23 2019 05:37 AM

Re: integration of ATA with Arcsight SIEM

Are there any errors in the center logs that seems related?

https://docs.microsoft.com/en-us/advanced-threat-analytics/troubleshooting-ata-using-logs#ata-center...

 

I am guessing you are using UDP. if your SIEM supports it I would suggest for troubleshooting switching to TCP. in UDP, if there is a network blocker, We can't tell. for TCP we will generate errors in the logs.

0 Likes
Reply
Gerson Levitz

‎Jan 27 2019 10:41 PM

‎Jan 27 2019 10:41 PM

Re: integration of ATA with Arcsight SIEM

Have you tested the connection with Arcsight? If yes, did Arcsight receive the test message? 

 

There is a test button on the page you configure the settings to send the notifications to your SIEM. 

 

https://docs.microsoft.com/en-us/advanced-threat-analytics/setting-syslog-email-server-settings#prov...

 

 

0 Likes
Reply