Adding a Connector
Prerequisites
Before you add a connector, review the following important information.
-
Make sure that the container, host, and location to which you want to add the connector exist in ArcSight Management Center. If any of these elements do not exist, create them.
-
Follow the configuration best practices described in Configuration Suggestions for Connector/Collector Types .
-
For more information see SmartConnectors Grand List (A-Z)
-
If you are adding a software-based connector, make sure that the username and password for the connector match the username and password for the container to which you are adding the connector. If necessary, refer to Changing Container Credentials.
Caution: Each connector's default user name is
connector_user
and the default password ischange_me
. A connector with these default values still in place should be considered non-secure. ArcSight strongly recommends that for optimal security, you should change each connector’s credentials to non-default values before deploying the connector to production. -
File-based connectors use the Common Internet File System (CIFS) or Network File System (NFS). These stipulations apply when creating a local connector to run as part of ArcMC.
- On a Windows system, a CIFS share needs to be configured before you add a file-based connector.
- For all other connectors, an NFS mount needs to be established before a file-based connector can be added. In addition, when entering the connector parameters, enter the configuration file name without an extension in the Configuration File field. The extension
.sdkrfilereader.properties
is appended automatically.
-
For detailed information about individual connector parameters, refer to the specific ArcSight SmartConnector Configuration Guide for the type of connector chosen. The configuration guide also describes how to set up the source device for use with the connector
To add a connector:
Tip: If you are adding a connector for the Check Point FW-1/VPN-1 system, see a more detailed procedure in Configuring the Check Point OPSEC NG Connector .
-
Click Node Management.
-
In the navigation tree, browse to the host on which the connector will reside.
-
In the management panel, click the Containers tab.
-
On the Containers tab, locate the container where you will assign the connector.
-
In the Action drop-down, click Add Connector. The Connector Setup wizard starts.
-
Review the dialog box, and then click Next.
-
Select a connector type from the pull-down list of available types, and then click Next.
-
Enter basic parameters for the connector. Parameters vary based on the connector type. (Hover over a field for more information on a field.) When all fields have been entered, click Next.
Note: When entering parameters that include a file path, enter the path in POSIX format (for example,
/folder/filename
).For file-based connectors on Windows systems, specify the name of the CIFS mount point you created for the connector. (You need to specify
/opt/mnt/
CIFS_share_name
.)Some connectors include table parameters. For example, the Microsoft Windows Event Log includes parameters for each host in the domain and one or more log types (security, application, system, directory service, DNS, file replication, and so on). You can import table parameters from a CSV file that was exported from another connector, as long as you export it and import it from the same containers. If the CSV file was exported from a different container, you need to change the secret parameters, such as the password, which appear in obfuscated format in the CSV file to plain text before you import the CSV file.
Note: For connectors that query Microsoft Active Directory to detect devices, if the “Network Security: LDAP Server Signing Requirements” policy is set to “Signing Required” on the Domain Controller, ArcSight Management Center will be unable to connect to the Active Directory or browse for devices. You see an error when selecting Windows Host Browser as the connector device browser type.
-
Choose a primary destination for the connector and enter destination-specific parameters on the following page(s), and then click Next.
-
Note: FIPS Suite B certificates are not retrieved automatically and must be uploaded manually.
To see certificate details, hover over the certificate.
-
Select Import the certificate to the connector from the destination, and then click Next to import the certificate and continue.
-
Select Do not import the certificate to the connector from the destination, and then click Next if you do not want to import the certificate. The destination will not be added.
-
-
Enter connector details:
Parameter
Description
Name
A descriptive name for this connector.
Location
The location of the connector (such as the hostname).
Device Location
The location of the device that sends events to the connector.
Comment
Additional comments.
-
When complete, click Done.