Overview

ArcSight FlexConnector Configuration provides you with an overview of the ArcSight SmartConnectors framework and explains the ArcSight ESM Schema. It teaches you how to construct and manipulate FlexConnector configuration and property files and how to use various parsing methods, including fixed delimited, regular expression, and database query. Examples from standard connectors are used to illustrate device-specific methodologies. Advanced configuration options such as multi-line Regex, parser linking, and conditional mapping are also covered.

Prerequisites

To be successful in this course, you should have the following prerequisites or knowledge:

  • Successful completion of ArcSight ESM Admin and Analyst course
  • Successful completion of ArcSight ESM Advanced Administrator course
  • Working knowledge of Regular Expressions

Delegates will learn how to

Upon completion of this course, you should be able to:

  • Install ArcSight Connector software, configure a functional FlexConnector, and test with an ESM Active Channel
  • Use the FlexConnector Wizard to create fixed delimited configuration files
  • Use the Regex Tester tool to create common and sub-message parsing and token-to-event mapping
  • Create a tailored Categorization file for a parent FlexConnector and test its function in an active channel
  • Navigate the connector configuration file hierarchy to locate, display and edit.

Outline

Module 1: Connector Overview
Module 2: Creating the FlexConnector Configuration File
Module 3: Database and SNMP FlexConnectors
Module 4: Using the ArcSight Schema
Module 5: Regular Expression (RegEx) FlexConnectors
Module 6: Advanced FlexConnector Topics