Configuring ESM as Integration

ESM must be configured on the SOAR as an integration. This integration seamlessly maps the incoming ESM correlated events into SOAR alerts.

To configure ESM as Integration:

1. Navigate to Configuration > Integrations on SOAR.

2. Click +Create Integration to view the Configuration window.

3. Enter the following values in the Configuration window:

   • Name: <Display name of ESM integration on SOAR>

   • Type: Micro Focus ArcSight ESM

   • Address: <Address of the ESM Manager>

     For example, you can specify the address of the ESM Manager as: https://192.168.5.5:8443

   • Configuration: #proxy.id=5422

   • Credential: <Name of the credential set created>

     For example, ArcSight ESM Credentials

   • Trust Invalid SSL Certificates: <Select this option if server certificate is self-signed or not recognized by browsers>

   • Require Approval From: <Select users from list that can provide approval before executing actions on this integration>

   • Notify: <Select users to be notified when SOAR performs an action on this integration>

4. Click Test to test the integration. A Test Alert Source pop up is displayed to confirm that you have entered the valid credentials and address.

5. Click Save to complete the integration.