Importing the ESM-SOAR Integration Content
After you download the ESM-SOAR integration content from Marketplace, import it to the ArcSight Console and configure it.
- Import the integration content to the ArcSight Console.
  The following shows the content imported to the console:
- Reset the password for the SOAR Forwarding Connector user, forwardSOAR.
- Reset the password for the SOAR Web user, apiSOAR.
- Add the correlation rule names that you want to forward from ESM to SOAR to the SOAR Rule Names active list.
- The integration content adds "change me" as the default value for the Old File Hash field.
  This value is used when you add ESM as an alert source for SOAR. The default value of the Old File Hash field is specified in the Key text box in the Alert Source Editor.
- Open the ACL Editor for the apiSOAR user in the ESM console and add read and write permissions for all active lists for this user. You can then access all the active lists on ESM from the SOAR side.
Note: You can change the value of the Old File Hash field on the SOAR Integration Rule action tab in the ArcSight Console.