HP ArcSight Management Center Demo Script
- Pavan Raja

- Apr 8, 2025
Summary:
The document is an important notice regarding the confidentiality of information provided by HP, including details about its current products, sales, and service programs. It outlines that any data contained in this document should be treated as confidential and not shared or reproduced without authorization from HP. The information is intended for evaluation purposes only and comes with no warranty or liability claims. Proper acknowledgment and agreement to maintain confidentiality are required upon receipt of the document.
This document provides a step-by-step guide for managing syslog and SmartMessage receivers through HP ArcMC, emphasizing centralization of configurations across multiple systems in an ArcSight environment. It includes instructions on updating Syslog port configuration, creating Logger SmartMessage receiver configuration, and checking compliance with centralized configurations. The document also outlines various configuration types used in a system, categorized into Connector Configuration Types, Logger Configuration Types, and System Admin Configuration Types. These include settings for connectors like BlueCoat and syslog, logger configurations such as filters and storage groups, and administrative configurations like network settings and user accounts.
Details:
This document outlines a series of steps for configuring and managing syslog and SmartMessage receivers in an ArcSight environment using HP ArcMC. The steps include updating the port configuration on existing syslog connectors, creating new configurations for logger SmartMessage receivers, and checking compliance with centralized configurations.
1. **Update Syslog Port Configuration:**
   - Open a terminal or SSH session to access the syslog SmartConnector in the ArcMC image.
   - Run `netstat -au -n | grep 514` to confirm the current port configuration (initially set to 514).
   - In the ArcMC interface, navigate to Configuration Management and import an existing syslog SmartConnector configuration.
   - Modify the port from 514 to 515 in the Syslog Connector details and save the changes.
   - Push the updated configuration to all relevant subscribers using the Subscribers tab.
2. **Create Logger SmartMessage Receiver Configuration:**
   - In the ArcMC interface, navigate to Configuration Management and create a new configuration for Logger SmartMessage receivers.
   - Configure the receiver with properties such as Name: SmartMessage, Enabled: Yes, and Encoding: UTF_8.
   - Add the appropriate subscribers (Logger) and push the configuration out to them.
3. **Check Compliance:**
   - In the ArcMC interface, navigate to Check Compliance to verify that the systems running the SmartConnectors are compliant with the centralized configuration settings.
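A host-side check to go with steps 1 and 3, as an added example that is not part of the HP demo script: `grep 514` also matches ports such as 5140, so this parses the local-address column of `netstat -au -n` for an exact port before and after the push. The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample netstat output is constructed, not captured from a real host.

# udp_listens PORT: reads `netstat -au -n` output on stdin; succeeds only if a
# UDP socket's local address ends in exactly :PORT (unlike `grep 514`, which
# also matches 5140 or 15514).
udp_listens() {
    awk -v port="$1" '
        $1 ~ /^udp/ { n = split($4, a, ":"); if (a[n] == port) found = 1 }
        END { exit !found }
    '
}

# check_port_change OLD NEW: reads netstat output on stdin, prints one verdict.
check_port_change() {
    out=$(cat); old_up=no; new_up=no
    printf '%s\n' "$out" | udp_listens "$1" && old_up=yes
    printf '%s\n' "$out" | udp_listens "$2" && new_up=yes
    case "$old_up/$new_up" in
        no/yes)  echo "compliant" ;;      # pushed configuration is live
        yes/no)  echo "not-applied" ;;    # connector still on the old port
        yes/yes) echo "both-bound" ;;     # old listener never went away
        *)       echo "no-listener" ;;    # connector down or bound elsewhere
    esac
}

SAMPLE_BEFORE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:514             0.0.0.0:*
udp        0      0 0.0.0.0:5140            0.0.0.0:*'

SAMPLE_AFTER='Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:515             0.0.0.0:*
udp        0      0 0.0.0.0:5140            0.0.0.0:*
udp6       0      0 :::123                  :::*'

printf 'before push: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | check_port_change 514 515)"
printf 'after push:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" | check_port_change 514 515)"
```

On a live connector host, pipe the real command in instead of the samples: `netstat -au -n | check_port_change 514 515`.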
This document outlines various configuration types used in a system, categorized into different sections including Connector Configuration Types, Logger Configuration Types, and System Admin Configuration Types. These configurations are crucial for managing the functionality and settings of the system. Here's a summary breakdown:
**Connector Configuration Types:**
- **BlueCoat Connector Configuration**: Settings specific to BlueCoat connectors.
- **FIPS Configuration**: Configuration related to Federal Information Processing Standards compliance.
- **Map File Configuration**: Settings for mapping files used in data processing.
- **Parser Override Configuration**: Custom settings for parsing data with overrides as necessary.
- **Syslog Connector Configuration**: Configuration of syslog connectors for logging purposes.
- **Windows Unified Connector (WUC) External/Internal Parameters Configuration**: Settings for external and internal parameters within the Windows Unified Connector.

**Connector Appliance/ArcMC Configuration Types:**
- **Connector Appliance/ArcMC Configuration**: General settings for connector appliances or ArcMC systems.
- **Backup Configuration**: Procedures and settings related to data backup.

**Logger Configuration Types:**
- **Logger Configuration Backup Configuration**: Settings for backing up logger configurations.
- **Logger Filter Configuration**: Custom filters applied to log data.
- **Logger SmartMessage Receiver Configuration**: Settings specific to the SmartMessage receiver within a logger.
- **Logger Storage Group Configuration**: Management of storage groups used by loggers.
- **Logger Transport Receiver Configuration**: Configuration settings for transport receivers in logger systems.

**System Admin Configuration Types:**
- **Authentication External/Local Password/Session**: Methods and levels of authentication including external, local with password or session-based methods.
- **DNS Configuration**: Settings related to Domain Name System configurations.
- **Network Configuration**: Network settings including IP addresses, subnet masks, and gateway configurations.
- **NTP Configuration**: Settings for Network Time Protocol which synchronizes system clocks across network devices.
- **SMTP Configuration**: Configuration of the Simple Mail Transfer Protocol used for email transmission.
- **SNMP Configuration**: Settings for Simple Network Management Protocol, enabling management of network devices.
- **Users Configuration**: User account settings and permissions management.

This document provides a comprehensive list of configuration types that are essential for maintaining and managing various aspects of the system as per HP Confidential guidelines, which include restrictions on usage.
