Bring More Context to HP ArcSight Data
Enrich your HP ArcSight output data with actionable context in human-readable format, including the before and after values for every change and data access attempt, both failed and successful.
Investigate Suspicious Activity Faster
Speed up investigation of anomalies in user behavior. Actionable audit data enables you to investigate what steps led to an incident so you can better determine how to prevent such issues from happening again.
Maximize the ROI of your SIEM
AuditAssurance™ technology turns disparate arrays of raw logs into a single record with actionable details. Then Netwrix Auditor feeds HP ArcSight with this granular audit data, reducing the volume of indexed data and making your ArcSight deployment more cost effective.
Step-by-Step Instructions for IntegrationTo integrate Netwrix Auditor with HP ArcSight, simply take the following steps:
Prepare for the integration by ensuring that:
- Netwrix Auditor is installed, and its Audit Database is configured and contains audit data.
- The execution policy for PowerShell scripts is set to Unrestricted.
- The TCP receiver is configured on the HP ArcSight side.
Get the script running:
- Right-click the script and select Edit. The Windows PowerShell ISE will start.
- If you don't use the default port (9699), update the port number.
- Run the script and wait for it to execute.
See the results:
- Log on to the HP ArcSight web interface.
- On the Summary page, select the 'Event Summary by Receiver' diagram and click the TCP Receiver segment.
- On the Analyze page that opens, review the search field. Ensure your computer is listed as the TCP Receiver.
- Review the changes and data access events for your HP ArcSight system.
Want more help getting started
with the add-on?
Read the Quick-Start Guide.
- Review detailed instructions for installing the Add-on for HP ArcSight.
- Learn how to configure it properly.
- Start getting complete visibility into changes and data access throughout your HP ArcSight environment.