Adding a Connector

Prerequisites

Before you add a connector, review the following important information.

To add a connector:

Tip: If you are adding a connector for the Check Point FW-1/VPN-1 system, see a more detailed procedure in Configuring the Check Point OPSEC NG Connector .

  1. Click Node Management.

  2. In the navigation tree, browse to the host on which the connector will reside.

  3. In the management panel, click the Containers tab.

  4. On the Containers tab, locate the container where you will assign the connector.

  5. In the Action drop-down, click Add Connector. The Connector Setup wizard starts.

  6. Review the dialog box, and then click Next.

  7. Select a connector type from the pull-down list of available types, and then click Next.

  8. Enter basic parameters for the connector. Parameters vary based on the connector type. (Hover over a field for more information on a field.) When all fields have been entered, click Next.

    Note: When entering parameters that include a file path, enter the path in POSIX format (for example, /folder/filename).

    For file-based connectors on Windows systems, specify the name of the CIFS mount point you created for the connector. (You need to specify /opt/mnt/CIFS_share_name.)

    Some connectors include table parameters. For example, the Microsoft Windows Event Log includes parameters for each host in the domain and one or more log types (security, application, system, directory service, DNS, file replication, and so on). You can import table parameters from a CSV file that was exported from another connector, as long as you export it and import it from the same containers. If the CSV file was exported from a different container, you need to change the secret parameters, such as the password, which appear in obfuscated format in the CSV file to plain text before you import the CSV file.

    Note: For connectors that query Microsoft Active Directory to detect devices, if the “Network Security: LDAP Server Signing Requirements” policy is set to “Signing Required” on the Domain Controller, ArcSight Management Center will be unable to connect to the Active Directory or browse for devices. You see an error when selecting Windows Host Browser as the connector device browser type.

  9. Choose a primary destination for the connector and enter destination-specific parameters on the following page(s), and then click Next.

    • Note: FIPS Suite B certificates are not retrieved automatically and must be uploaded manually.

      To see certificate details, hover over the certificate.

      • Select Import the certificate to the connector from the destination, and then click Next to import the certificate and continue.

      • Select Do not import the certificate to the connector from the destination, and then click Next if you do not want to import the certificate. The destination will not be added.

  10. Enter connector details:

    Parameter

    Description

    Name

    A descriptive name for this connector.

    Location

    The location of the connector (such as the hostname).

    Device Location

    The location of the device that sends events to the connector.

    Comment

    Additional comments.

  11. When complete, click Done.