
Voltage ArcSight Integration Demo Script v4.1

  • Writer: Pavan Raja
  • Apr 9
  • 3 min read

Summary:

This document provides a demonstration script for integrating ArcSight's Smart Connector with Voltage's SecureData to perform Format Preserved Encryption (FPE) on sensitive data such as PII and credit card information. The integration is facilitated through the Simple API for JAVA, ensuring real-time encryption during transmission or storage. To decrypt data using Java, ensure a running instance of the Voltage SecureData Appliance with necessary CA certificates imported into Oracle Java `cacerts`. For encrypting data on Linux, use the Linux ArcSight Smart Connector in conjunction with Voltage's Simple API, leveraging FPE for specific fields.

Details:

This document outlines a demonstration script for integrating ArcSight's Smart Connector with Voltage's SecureData, utilizing their Simple API for JAVA. The purpose of this integration is to encrypt sensitive personally identifiable information (PII) in real time using Format Preserved Encryption (FPE). The demo requires a running instance of the Voltage SecureData Appliance and a properly configured ArcSight Smart Connector.

Prerequisites include installing and configuring both the ArcSight Test Alert Smart Connector on Windows and Voltage's Simple API for JAVA, as well as setting up the SecureDataClient JAVA client to decrypt data. This setup is detailed in the provided PowerPoint documentation from Voltage.

The demonstration focuses on encrypting sensitive data fields using FPE via the integration between ArcSight's Smart Connector and Voltage's SecureData with their Simple API. The demo will showcase how this system can be used to protect PII and credit card information as required by various regulations like GDPR, HIPAA, and PCI.

To successfully run the demonstration, ensure that the SecureData Server is accessible from the ArcSight Smart Connector, and that both systems are properly installed and configured with the necessary clients. The data will be sent to a CEF file in this demo; however, in a production environment, it would typically be routed to an Endpoint Security Manager (ESM) or Advanced Defense Platform (ADP).

To decrypt data on your laptop using Java for a specific use case involving the Voltage ArcSight Integration, you will need to follow these steps and prerequisites based on the provided information:

### Data Re-identification: Decrypting Data Using SecureData

To re-identify encrypted data for forensic analysis, you can use the Voltage SecureData client to decrypt data that was previously encrypted by ArcSight Smart Connector. Here's how you can do it:

#### Prerequisites:

1. **SecureData Appliance** must be up and running.
2. Import the SecureData CA certificates into your Oracle Java `cacerts`.

#### Steps:

1. Use the **SecureDataClient.jar utility** to decrypt CEF events that were encrypted by ArcSight Smart Connector, using the same identity configured for encryption (`test@voltagedemo.com`).
2. You can choose from several options to decrypt data, such as the REST API, SOAP API, or Simple API. For this specific use case, you will be using the SecureDataClient.jar utility.

### Data De-identification: Encrypting Data Using ArcSight Smart Connectors and SecureData Simple API (Linux)

If you need to encrypt sensitive data for transmission or storage, you can use the Linux ArcSight Smart Connector in conjunction with Voltage SecureData's Simple API. This demo will show you how to leverage the integration between ArcSight SC and Voltage SecureData using the Simple API for Java to encrypt specific fields in real time using Format Preserved Encryption (FPE).

#### Prerequisites:

1. For this demo, both ArcSight SC and the Simple API are bundled on the SDA demo VM.
2. The **Simple API** is installed at `/opt/voltage/`.
3. The **ArcSight SC Syslog (TCP port 1514)** is installed at `/opt/arcsight/sc`.
4. Verify that ArcSight syslogng is running with `# systemctl status arc_syslogng`.

#### Steps:

1. Use the Linux ArcSight Smart Connector to encrypt sensitive data using Voltage Format Preserved Encryption (FPE).
2. Leverage the integration between ArcSight SC and Voltage SecureData using the Simple API for Java to perform real-time encryption of specific fields with FPE.

### Summary

To decrypt data on your laptop using Java for forensic analysis or other purposes, you will need to ensure that the SecureData Appliance is operational and that CA certificates are imported into your Oracle Java `cacerts`. For encrypting data, use the Linux ArcSight Smart Connector in conjunction with Voltage SecureData's Simple API, ensuring all necessary prerequisites are met.
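The field-level, format-preserving protection of CEF events described above, as an added illustration that is not part of the original post and is not Voltage's FPE algorithm or Simple API: a keyed Feistel network over decimal digits (HMAC-SHA256 round function) stands in for the real cipher to show that a protected field keeps its length and separators and can be re-identified with the same key. The key, the sample event and the choice of `cs1`/`cs2` as the sensitive fields are constructed assumptions.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"   # constructed; SecureData derives real keys from the identity
ROUNDS = 8                      # even, so the two halves end at their original lengths
DIGITS = "0123456789"
PAIR = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")   # key=value pairs of a CEF extension
# Constructed sample event; cs1/cs2 as the sensitive fields is an assumption.
SAMPLE = ("CEF:0|Constructed|TestAlert|1.0|100|Card payment|3|src=10.0.0.5 "
          "cs1Label=CardNumber cs1=4111-1111-1111-1111 "
          "cs2Label=SSN cs2=078-05-1120 msg=payment accepted")

def round_fn(key, rnd, half, width):
    """HMAC-SHA256 of round number and one half, reduced to `width` decimal digits."""
    mac = hmac.new(key, f"{rnd}:{half}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % 10 ** width

def feistel(digits, key, decrypt=False):
    """Alternating Feistel network over a digit string; output length equals input length."""
    if len(digits) < 2:
        raise ValueError("need at least two digits to split into halves")
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    for i in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        m = u if i % 2 == 0 else v          # width of the half rewritten in round i
        if decrypt:
            a, b = str((int(b) - round_fn(key, i, a, m)) % 10 ** m).zfill(m), a
        else:
            a, b = b, str((int(a) + round_fn(key, i, b, m)) % 10 ** m).zfill(m)
    return a + b

def fpe_digits(value, key, decrypt=False):
    """Transform only the digits of `value`; separators stay where they were."""
    out = iter(feistel("".join(c for c in value if c in DIGITS), key, decrypt))
    return "".join(next(out) if c in DIGITS else c for c in value)

def protect_event(cef, key, fields, decrypt=False):
    """Apply fpe_digits to the named extension keys of one CEF event."""
    *header, ext = cef.split("|", 7)        # 7 header fields, then the extension
    def swap(m):
        k, v = m.group(1), m.group(2)
        return f"{k}={fpe_digits(v, key, decrypt) if k in fields else v}"
    return "|".join(header + [PAIR.sub(swap, ext)])

if __name__ == "__main__":
    enc = protect_event(SAMPLE, KEY, {"cs1", "cs2"})
    print(enc)
    print(protect_event(enc, KEY, {"cs1", "cs2"}, decrypt=True))
```

Because the protected values still match the original field patterns, downstream CEF parsers and length or pattern checks keep working on the de-identified events.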

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be responded to.
