Lieberman Software CEF Certified Configuration Guide

Summary:

This document serves as a guide for configuring ERPM (Enterprise Random Password Manager) to work seamlessly with ArcSight, specifically for event collection and forwarding purposes. It provides detailed steps on how to set up the connector, including selecting appropriate event filters, configuring output type, specifying the server name or IP address of the ArcSight receiver, and enabling CEF format for data transmission. The guide also covers field mappings from vendor-specific event definitions to ArcSight's predefined data fields, emphasizing the use of shost/dhost and suser/duser as per ArcSight configuration guidelines. This setup is aimed at enhancing security by managing privileged accounts through a CEF-compatible format compatible with the ArcSight system, facilitating efficient event collection and forwarding.

Details:

This document provides a configuration guide for setting up ERPM (Enterprise Random Password Manager) to work with ArcSight for event collection and forwarding. The guide outlines how to configure the connector, including selecting event filters, configuring output type, specifying the server name or IP address of the ArcSight receiver, and enabling CEF format for data output. It also details field mappings from vendor-specific event definitions to ArcSight data fields, explaining use of shost/dhost and suser/duser as per ArcSight configuration instructions. The guide is intended for administrators looking to secure and manage privileged accounts through this utility by forwarding events in a CEF format compatible with the ArcSight system.