CEF Config Guide for ThreatStream Optic 5.1

  • Writer: Pavan Raja
  • Apr 9

Summary:

The "CEF Connector Configuration Guide" is a document meant to help set up the HP ArcSight CEF connector to collect syslog events from ThreatStream Optic version 5.1. It states that the information should be used as a reference and suggests reporting errors directly to HP for updates. The guide explains how to configure ThreatStream Optic to send CEF-formatted syslog messages to a SIEM application, with detailed installation steps for different platforms (Windows, Linux, Solaris). It also covers mapping vendor-specific event definitions to ArcSight data fields during configuration and includes an example of formatted syslog messages. Additionally, it provides state category definitions for indicators within ThreatStream's platform, which are mapped to CEF events for integration into ArcSight.

Details:

The "CEF Connector Configuration Guide" is a document designed to assist in setting up the HP ArcSight CEF connector for syslog event collection, tailored to ThreatStream Optic version 5.1. It emphasizes that the information in the guide should be used only as a reference and can change without prior notice. Users are encouraged to report any errors directly to HP for corrections or updates. The document outlines the steps required to configure ThreatStream Optic to send CEF-formatted syslog messages to a SIEM application, including installation instructions for various platforms (Windows, Linux, Solaris). It provides detailed information about mapping vendor-specific event definitions to ArcSight data fields as part of the configuration process. The guide concludes with an example screenshot of the formatted syslog messages and lists state category definitions for indicators throughout their lifecycle within ThreatStream's platform, which are then mapped to CEF events for integration into ArcSight.

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be responded to.

@2021 Copyrights reserved.