Q:
Arcsight Question
Does anyone have any experience with configuring ArcSight and Snort so that ArcSight can pull the payload information from the Snort sensor?
ASKED:
Dec 23 2008 4:17 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
RELATED QUESTIONS
A:
RATE THIS ANSWER
0
Click to Vote:
0
Click to Vote:
- 0
0
I had worked in the past on ArcSight Installation/Configuration/Management,
and Yes, you can configure the Manager to Pull the logs from the Snort,
you will need to have physical access and password and snort.conf details as well ,
also, you need to configure the SmartAgents, and select the "Snort Database"
and finally you will need the MySQL DB password and username from the snort.conf handy in order to get it running.
u can refer to the technical documentation.
if u need any help please email me at:-
nitin.blackhat[at]gmail.com
