Integrating ArcSight with Enterprise Ticketing Systems

Presentation transcript:

Integrating ArcSight with Enterprise Ticketing Systems
Dhiraj Sharan, Senior Software Engineer
May 2006
© 2006 ArcSight Confidential

Agenda
- Enterprise System Integration Options Available in the ArcSight Manager
- Enterprise Ticketing Integration deep dive: Export to External System
- How Export to External System works
- Need for an Enterprise System Connector
- Case Study: ArcSight Remedy Connector
- Introduction to Remedy Action Request System
- Architecture of ArcSight Remedy Connector
- Mapping the Schema between Remedy and ArcSight
- Installation and Configuration

Options Available for Enterprise System Integration with the ArcSight Manager
1. Export to External System
   - Export/import of XML files done by the Manager
2. Archive Tool
   - Externally launched command line client to export/import XML files from the Manager
3. External Scripts
   - Launch external scripts from Rule Actions or interactively from Console Tools

Options Available for Enterprise System Integration with the ArcSight Manager (continued)
4. SMTP
   - Send email notifications from Rule Actions
5. SNMP
   - Send SNMP traps from the Manager
6. Enterprise System Connector
   - Native integration

Export to External System

Export to External System at the User Level
Export to External System of Event
1. User Driven: right click on Event in Console
2. Automated: from Rule Action
Export to External System of Case
3. User Driven: right click on Case in Console
4. Automated: via Case Search Group

1. User Driven Export to External System of Event
- Right click on Event in Console —> Export —> External Event Tracking System

2. Automated Export to External System of Event
- Automated Export to External System from Rule Action

3. User Driven Export to External System of Case
- Right click on Case —> Export —> External Event Tracking System

4. Automated Export to External System of Case
- Automated Export to External System from Case Search Group

server.properties:

    # ------------------------------------------------------------
    # External Ticket System Configuration
    # This configures in no. of seconds, data should be exported
    # to external trouble ticket systems.
    external.export.interval=60
    # The Case Search Group that should be used for automatically
    # exporting events of cases that fall in the search criteria.
    #external.export.querygroup.uri=/All Cases/All Cases/Export Cases
    # Upper limit on number of cases to be exported from the query
    # group in one export cycle.
    external.export.querygroup.max=100

Tracking Event Exports via Cases
- Purpose: Audit Export to External System
- Case gets created behind the scenes in /All Cases/System Cases if the export was for an Event instead of a Case
  - Export to External System from Console UI right click on an Event
  - Export to External System from Rule Action
- So umbrella Case always there for ANY export

Export to External System: Export as XML File
- Periodic export/import every 60 seconds (default)
- Cases and their events are exported in archive XML format
- Archive file exported to archive/exports directory
  - ExternalEventTrackingData_<timestamp>.xml
- Archive imports checked from archive/imports directory
- DTDs of XML files available in schema/xml/archive directory on Manager

Agenda Refresher
- Enterprise System Integration Options Available in the ArcSight Manager
- Enterprise Ticketing Integration deep dive: Export to External System
- How Export to External System works
- Need for an Enterprise System Connector
- Case Study: ArcSight Remedy Connector
- Introduction to Remedy Action Request System
- Architecture of ArcSight Remedy Connector
- Mapping the Schema between Remedy and ArcSight
- Installation and Configuration

Enterprise System Connector

Need for a Custom Connector
- To link archive XML with External Ticketing System
[Diagram: ArcSight Manager, Enterprise System Connector, External Ticketing System. Labels: "Export to External System", "Common ArcSight Standard for Ticketing Integration", "Custom Connector for Specific External Ticketing Systems".]

ArcSight Remedy Connector

BMC Remedy Action Request System (ARS)
- ARS is an Application Builder but NOT an Application
- ARS builds Service Applications in a request-centric, forms-driven, workflow-based architecture
- ARS Integration Method
  - Remedy ARS API library
  - Remote API Protocol: Sun RPC
- Use Case for the current ArcSight Remedy Connector
  - Use Remedy as a ticketing interface instead of ArcSight Cases

Case Study: ArcSight Remedy Connector
- ArcSight Remedy Connector is a broker between ArcSight Manager and Remedy ARS
- Remedy ARS server connection
  - Uses Remedy ARS API library
  - ARS API Protocol: Sun RPC
- ArcSight Manager connection
  - Uses XML file based protocol from Export to External System feature
  - Runs as a service on the ArcSight Manager machine
  - Watches for Manager-exported files in archive/exports
  - Parses Archive XML and prepares data to submit to Remedy form
  - Near real-time data transfer (default 60 seconds)

Architecture: ArcSight Remedy Connector
[Architecture diagram. Components: Remedy User, Remedy Administrator, Remedy Web Server, Remedy ARS Server, Remedy Database, ArcSight Remedy Connector, ArcSight Manager, ArcSight Manager Server. Links: ARS RPC Protocol; Archive XML File Export/Import.]

Versions and Platforms
ArcSight Remedy Connector
- Current Release: 3.0.4
- Platforms: Windows, Solaris, Redhat Linux
Supported ArcSight Manager Versions
- Same Connector supports Manager versions 2.5, 3.0, 3.5
- Connector independent of Manager versions as long as Archive XML schema remains same
Supported Remedy ARS Versions
- Connector tested with Remedy ARS versions 5.1 to 6.3
- Future Remedy ARS versions maintain backward compatibility with Remedy ARS APIs used by Connector

Data Flow: ArcSight Remedy Connector
[Diagram: ArcSight Console™, ArcSight Manager, ArcSight XML Archive, ArcSight Remedy Connector, Remedy ARS Server.]

The data flow is in several steps and has a direction of flow. A detailed description should show up when a particular step is being described and the data flow direction should be appropriately marked. These are the steps, their direction, and text:

Step 1 (ArcSight Console to ArcSight Manager): Manual or Automatic Export to External System of Cases and Events.
Step 2 (ArcSight Manager to Archive XML File): Case and Event data exported to the XML file.
Step 3 (ArcSight XML File to ArcSight Remedy Connector): Remedy Connector parses the XML data.
Step 4 (ArcSight Remedy Connector to Remedy ARS Server): Ticket created in Remedy.
Step 5 (Remedy ARS Server to ArcSight Remedy Connector): Remedy Ticket ID and Status reported back to the Remedy Connector.
Step 6 (ArcSight Remedy Connector to Archive XML File): Remedy Ticket ID and Status put as Archive XML file for updates.
Step 7 (Archive XML File to the ArcSight Manager): Remedy Ticket ID and Status imported by the Manager.

Two-way Integration
- Connector brings the Remedy Ticket Number back to ArcSight
  - Stored in Case External ID attribute
- Connector tracks Remedy Ticket Status changes and brings the STATUS back to ArcSight
  - Configure which Case attribute should hold Status
- Sends ticket number and status to the Manager via XML file in archive/imports directory
- Other fields not synchronized in the current Connector Use Case
  - Connector can be modified to synchronize other fields too since the Archive XML interface supports it

Defining the ArcSight Form in ARS

Mapping ArcSight Schema to Remedy Schema
Remedy Schema
- Every Remedy App is unique with its own fields
- Define fields as per ArcSight Event Attributes desired
ArcSight Schema
- Choose the ArcSight Event attributes to send to Remedy
Mapping ArcSight and Remedy Schema
- Configured in config/arcremedyclient.properties in the Connector
Note
- Only the chosen Event fields are transferred to Remedy
- Case fields are not transferred in the current Use Case

config/arcremedyclient.properties:

    # ------------------------------------------------------------
    # Remedy field mappings for uplink (from arcsight to remedy)
    # Set the name of the remedy form the arcsight remedy client
    # should submit event data to.
    remedy.event.form=ArcSight Ticket
    # Set the number of fields in the form
    remedy.event.form.fields=3
    # Set the remedy field names to arcsight attribute names mapping
    remedy.event.form.field[0].name=TicketName
    arcsight.event.attribute[0].name=name
    remedy.event.form.field[1].name=IncidentTime
    arcsight.event.attribute[1].name=endTime
    remedy.event.form.field[2].name=ReportDevice
    arcsight.event.attribute[2].name=deviceAddress
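The index-paired mapping on this slide can be checked for consistency before the Connector is started. The following is an added example, not code from the slides or from ArcSight: it parses the mapping, verifies that the indexed entries match remedy.event.form.fields, and projects an event onto the mapped Remedy fields only. The function names load_mapping and build_ticket, the parsing rules, and the event dictionary layout are assumptions.

```python
import re

# Constructed copy of the mapping shown on the slide (config/arcremedyclient.properties).
SAMPLE_PROPERTIES = """\
remedy.event.form=ArcSight Ticket
remedy.event.form.fields=3
remedy.event.form.field[0].name=TicketName
arcsight.event.attribute[0].name=name
remedy.event.form.field[1].name=IncidentTime
arcsight.event.attribute[1].name=endTime
remedy.event.form.field[2].name=ReportDevice
arcsight.event.attribute[2].name=deviceAddress
"""

# Assumed interpretation: entries are paired by the index in square brackets.
INDEXED = re.compile(r"^(remedy\.event\.form\.field|arcsight\.event\.attribute)\[(\d+)\]\.name$")

def load_mapping(text):
    """Return (form_name, [(remedy_field, arcsight_attribute), ...]); raise on a bad mapping."""
    props, remedy, arcsight = {}, {}, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a key=value line: {line!r}")
        key, value = key.strip(), value.strip()
        m = INDEXED.match(key)
        if m:
            target = remedy if m.group(1).startswith("remedy") else arcsight
            target[int(m.group(2))] = value
        else:
            props[key] = value
    count = int(props["remedy.event.form.fields"])
    expected = set(range(count))
    # Every index 0..count-1 must appear exactly once on both sides of the mapping.
    if set(remedy) != expected or set(arcsight) != expected:
        raise ValueError("field indexes do not match remedy.event.form.fields")
    pairs = [(remedy[i], arcsight[i]) for i in range(count)]
    return props["remedy.event.form"], pairs

def build_ticket(event, pairs):
    """Project an event onto the mapped Remedy fields; unmapped attributes are dropped."""
    missing = [attr for _, attr in pairs if attr not in event]
    if missing:
        raise ValueError(f"event lacks mapped attributes: {missing}")
    return {field: event[attr] for field, attr in pairs}
```

Running load_mapping on a changed properties file before a restart catches a field count that no longer matches the indexed entries, and build_ticket shows exactly which event attributes would leave ArcSight for the ticketing system.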

Installation/Configuration
- Extract the ArcSightRemedyClient.3.0.4.zip file
- Running from command line: bin/arcremedyclient <params>
- Daemonized version: bin/arcremedyclientsvc <params>
- Parameters
  - ArcSight Manager installation directory path, Remedy Username, Remedy Password, Remedy Servername, Remedy Port

Installation/Configuration (continued)
- Setup to run as a Service
  - Windows
    - bin/arcremedyclientsvc -i
  - Solaris/Linux
    - startup/solaris/runAsRoot -i
    - /etc/init.d/arcremedyclient service configuration and startup script
    - Set JAVA_HOME to use the ArcSight Manager's JRE
- Schema mapping and other configuration
  - config/arcremedyclient.properties
- Troubleshooting
  - logs/arcremedy.log

Questions and Answers
- Download Slides: https://support.arcsight.com
- More ArcSight Events: http://www.arcsight.com
- Join the User Forum: https://forum.arcsight.com
