SmartConnector Features

Connectors both receive and retrieve information from network devices. If the device sends information, the connector becomes a receiver. But, if the device does not send information, the connector can retrieve it.

SmartConnectors are also available to forward events between ArcSight systems such as Transformation Hub and ESM, enabling the creation of multi-tier monitoring and logging architectures for large organizations and Managed Service Providers.

Connectors perform the following tasks:

• Collect all the data from a source device, which eliminates the need to return to the device during an investigation or audit.
• Parse individual events and normalize event values such as severity, priority, and time zone into a common schema (format) for use by the ESM Manager.
• Filter out data that is not needed for analysis, thus saving network bandwidth and storage space (optional).
• Filter and aggregate events to reduce the volume sent to the Manager, ArcSight Logger, or other destinations, which reduces event processing time and increases efficiency of ArcSight.
• Categorize events by using a common, human-readable format, saving time, and making it easier to use the event categories to build filters, rules, reports, and data monitors.
• Add device and event information to it to complete the message and send it to the configured destination.
• Pass processed events to the ESM Manager.

After the connectors normalize and send events to the ESM Manager, the events are stored in the centralized ESM database. ESM then filters and cross-correlates these events with rules to generate meta-events. The meta-events then are automatically sent to administrators with corresponding Knowledge Base articles that contain information supporting their enterprise’s policies and procedures.

Depending on the network device, some connectors can issue commands to devices. These actions can be executed manually or through automated actions from rules and some data monitors.

Specific connector configuration guides document device-to-ESM event mapping information for individual vendor devices, as well as specific installation parameters and configuration information.

Topics include: