Presentation is loading. Please wait.

Presentation is loading. Please wait.

Integrating ArcSight with Enterprise Ticketing Systems

Published byGeoffrey Powell Modified over 6 years ago

Similar presentations

Presentation on theme: "Integrating ArcSight with Enterprise Ticketing Systems"— Presentation transcript:

1 Integrating ArcSight with Enterprise Ticketing Systems
Dhiraj Sharan Senior Software Engineer May 2006 © 2006 ArcSight Confidential

2 © 2006 ArcSight Confidential
Agenda Enterprise System Integration Options Available in the ArcSight Manager Enterprise Ticketing Integration deep dive: Export to External System How Export to External System works Need for an Enterprise System Connector Case Study: ArcSight Remedy Connector Introduction to Remedy Action Request System Architecture of ArcSight Remedy Connector Mapping the Schema between Remedy and ArcSight Installation and Configuration © 2006 ArcSight Confidential

3 © 2006 ArcSight Confidential
Options Available for Enterprise System Integration with the ArcSight Manager 1. Export to External System Export/import of XML files done by the Manager 2. Archive Tool Externally launched command line client to export/import XML files from the Manager 3. External Scripts Launch external scripts from Rule Actions or interactively from Console Tools © 2006 ArcSight Confidential

4 © 2006 ArcSight Confidential
Options Available for Enterprise System Integration with the ArcSight Manager 4. SMTP Send notifications from Rule Actions 5. SNMP Send SNMP traps from the Manager 6. Enterprise System Connector Native integration © 2006 ArcSight Confidential

5 Export to External System
© 2006 ArcSight Confidential

6 Export to External System at the User Level
Export to External System of Event Export to External System of Case 1. User Driven: right click on Event in Console 2. Automated: from Rule Action 3. User Drive: right click on Case in Console 4. Automated: via Case Search Group © 2006 ArcSight Confidential

7 1. User Driven Export to External System of Event
Right click on Event in Console —> Export —> External Event Tracking System © 2006 ArcSight Confidential

8 2. Automated Export to External System of Event
Automated Export to External System from Rule Action © 2006 ArcSight Confidential

9 3. User Driven Export to External System of Case
Right click on Case —> Export —> External Event Tracking System © 2006 ArcSight Confidential

10 4. Automated Export to External System of Case
Automated Export to External System from Case Search Group server.properties # # External Ticket System Configuration # This configures in no. of seconds, data should be exported # to external trouble ticket systems. external.export.interval=60 # The Case Search Group that should be used for automatically # exporting events of cases that fall in the search criteria. #external.export.querygroup.uri=/All Cases/All Cases/Export Cases # Upper limit on number of cases to be exported from the query # group in one export cycle. external.export.querygroup.max=100 © 2006 ArcSight Confidential

11 Tracking Event Exports via Cases
Purpose: Audit Export to External System Case gets created behind the scenes in /All Cases/System Cases if the export was for an Event instead of a Case Export to External System from Console UI right click on an Event Export to External System from Rule Action So umbrella Case always there for ANY export © 2006 ArcSight Confidential

12 Export to External System: Export as XML File
Periodic export/import every 60 seconds (default) Cases and their events are exported in archive XML format Archive file exported to archive/exports directory ExternalEventTrackingData_<timestamp>.xml Archive imports checked from archive/imports directory DTDs of XML files available in schema/xml/archive directory on Manager © 2006 ArcSight Confidential

13 © 2006 ArcSight Confidential
Agenda Refresher Enterprise System Integration Options Available in the ArcSight Manager Enterprise Ticketing Integration deep dive: Export to External System How Export to External System works Need for an Enterprise System Connector Case Study: ArcSight Remedy Connector Introduction to Remedy Action Request System Architecture of ArcSight Remedy Connector Mapping the Schema between Remedy and ArcSight Installation and Configuration © 2006 ArcSight Confidential

14 Enterprise System Connector
© 2006 ArcSight Confidential

15 Need for a Custom Connector
To link archive XML with External Ticketing System ArcSight Manager Enterprise System Connector External Ticketing System Common ArcSight Standard for Ticketing Integration Custom Connector for Specific External Ticketing Systems Export to External System © 2006 ArcSight Confidential

16 ArcSight Remedy Connector
© 2006 ArcSight Confidential

17 BMC Remedy Action Request System (ARS)
ARS is a Application Builder but NOT an Application ARS builds Service Applications in a request-centric, forms-driven, Workflow-based architecture ARS Integration Method Remedy ARS API library Remote API Protocol : Sun RPC Use Case for the current ArcSight Remedy Connector Use Remedy as a ticketing interface instead of ArcSight Cases © 2006 ArcSight Confidential

18 Case Study: ArcSight Remedy Connector
ArcSight Remedy Connector is a broker between ArcSight Manager and Remedy ARS Remedy ARS server connection Uses Remedy ARS API library ARS API Protocol: Sun RPC ArcSight Manager connection Uses XML file based protocol from Export to External System feature Runs as a service on the ArcSight Manager machine Watches for manager exported files in archive/exports Parses Archive XML and prepares data to submit to Remedy form Near real-time data transfer (default 60 seconds) © 2006 ArcSight Confidential

19 Architecture: ArcSight Remedy Connector
Remedy ARS Server ArcSight Manager ArcSight Remedy Connector Remedy User Remedy Administrator Archive XML File Export/Import ArcSight Manager Server ArcSight Remedy Connector Architecture Remedy Web Server Remedy Database ARS RPC Protocol © 2006 ArcSight Confidential

20 Versions and Platforms
ArcSight Remedy Connector Current Release: 3.0.4 Platforms: Windows, Solaris, Redhat Linux Supported ArcSight Manager Versions Same Connector supports Manager versions 2.5, 3.0, 3.5 Connector independent of Manager versions as long as Archive XML schema remains same Supported Remedy ARS Versions Connector tested with Remedy ARS versions 5.1 to 6.3 Future Remedy ARS versions maintain backward compatibility with Remedy ARS APIs used by Connector © 2006 ArcSight Confidential

21 Data Flow: ArcSight Remedy Connector
ArcSight ConsoleTM Action Remedy Ticket ID and Status put as Archive XML file for updates Remedy Ticket ID and Status imported by the Manager Remedy Ticket ID and Status reported back to the remedy connector Manual or Automatic Export to External System of Cases and Events Case and Event data exported to the XML file Ticket created in Remedy Remedy Connector parses the XML data ArcSight Remedy Connector ArcSight Manager ArcSight XML Archive The data flow is in several steps and has a direction of flow. A detailed description should show up when a particular step is being described and the data flow direction should be appropriately marked. These are the steps, their direction, and text: Step 1 (ArcSight Console to ArcSight Manager) : Manual or Automatic Export to External System of Cases and Events. Step 2 (ArcSight Manager to Archive XML File) : Case and Event data exported to the XML File Step 3 (ArcSight XML File to ArcSight Remedy Connector) : Remedy Connector parses the xml data. Step 4 (ArcSight Remedy Connector to Remedy ARS Server) : Ticket created in Remedy Step 5 (Remedy ARS Server to ArcSight Remedy Connector) : Remedy Ticket ID and Status reported back to the Remedy Connector Step 6 (ArcSight Remedy Connector to Archive XML File) : Remedy Ticket ID and Status put as Archive XML file for updates. Step 7 (Archive XML File to the ArcSight Manager) : Remedy Ticket ID and Status imported by the Manager. Remedy ARS Server © 2006 ArcSight Confidential

22 © 2006 ArcSight Confidential
Two-way Integration Connector brings the Remedy Ticket Number back to ArcSight Stored in Case External ID attribute Connector tracks Remedy Ticket Status changes and brings the STATUS back to ArcSight Configure which Case attribute should hold Status Sends ticket number and status to the manager via XML file in archive/imports directory Other fields not synchronized in the current Connector Use Case Connector can be modified to synchronize other fields too since the Archive XML interface supports it © 2006 ArcSight Confidential

23 Defining the ArcSight Form in ARS
© 2006 ArcSight Confidential

24 Mapping ArcSight Schema to Remedy Schema
# # Remedy field mappings for uplink (from arcsight to remedy) # Set the name of the remedy form the arcsight remedy client # should submit event data to. remedy.event.form=ArcSight Ticket # Set the number of fields in the form remedy.event.form.fields=3 # Set the remedy field names to arcsight attribute names mapping remedy.event.form.field[0].name=TicketName arcsight.event.attribute[0].name=name remedy.event.form.field[1].name=IncidentTime arcsight.event.attribute[1].name=endTime remedy.event.form.field[2].name=ReportDevice arcsight.event.attribute[2].name=deviceAddress Remedy Schema Every Remedy App is Unique with its own fields Define Fields as per ArcSight Event Attributes desired ArcSight Schema Choose the ArcSight Event attributes to send to Remedy Mapping ArcSight and Remedy Schema Configured in config/arcremedyclient.properties in the Connector Note Only the chosen Event fields are transferred to Remedy Case fields are not transferred in the current Use Case © 2006 ArcSight Confidential

25 Installation/Configuration
Extract the ArcSightRemedyClient zip file Running from command line: bin/arcremedyclient <params> Demonized version: bin/arcremedyclientsvc <params> Parameters ArcSight Manager installation directory path, Remedy Username, Remedy Password, Remedy Servername, Remedy Port © 2006 ArcSight Confidential

26 Installation/Configuration
Setup to run as a Service Windows bin/arcremedyclientsvc –i Solaris/Linux startup/solaris/runAsRoot –i /etc/init.d/arcremedyclient service configuration and startup script Set JAVA_HOME to use the ArcSight Manager’s JRE Schema mapping and other configuration config/arcremedyclient.properties Troubleshooting logs/arcremedy.log © 2006 ArcSight Confidential

27 © 2006 ArcSight Confidential
Questions and Answers Download Slides More ArcSight Events Join the User Forum © 2006 ArcSight Confidential

28 © 2006 ArcSight Confidential
© 2006 ArcSight Confidential

Download ppt "Integrating ArcSight with Enterprise Ticketing Systems"

Similar presentations

Little Used, but Powerful Features with GP Cathy Fregelette, CPA, PMP Practice Manager BroadPoint Technologies September 20, 2012.

Little Used, but Powerful Features with GP Cathy Fregelette, CPA, PMP Practice Manager BroadPoint Technologies September 20, 2012.
SERVICE MANAGER 9.2 VIEWS AND REPORTS July, 2011.

SERVICE MANAGER 9.2 VIEWS AND REPORTS July, 2011.
Chapter 20 Oracle Secure Backup.

Chapter 20 Oracle Secure Backup.
New Release Announcements and Product Roadmap Chris DiPierro, Director of Software Development April 9-11, 2014

New Release Announcements and Product Roadmap Chris DiPierro, Director of Software Development April 9-11, 2014
Test Case Management and Results Tracking System October 2008 D E L I V E R I N G Q U A L I T Y (Short Version) www.megalith-solutions.com.

Test Case Management and Results Tracking System October 2008 D E L I V E R I N G Q U A L I T Y (Short Version)
Enterprise Content Management Departmental Solutions Enterprisewide Document/Content Management at half the cost of competitive systems ImageSite is:

Enterprise Content Management Departmental Solutions Enterprisewide Document/Content Management at half the cost of competitive systems ImageSite is:
SOFTWARE PRESENTATION ODMS (OPEN SOURCE DOCUMENT MANAGEMENT SYSTEM)

SOFTWARE PRESENTATION ODMS (OPEN SOURCE DOCUMENT MANAGEMENT SYSTEM)
Presented by IBM developer Works ibm.com/developerworks/ 2006 January – April © 2006 IBM Corporation. Making the most of Creating Eclipse plug-ins.

Presented by IBM developer Works ibm.com/developerworks/ 2006 January – April © 2006 IBM Corporation. Making the most of Creating Eclipse plug-ins.
Security SIG: Introduction to Tripwire Chris Harwood John Ives.

Security SIG: Introduction to Tripwire Chris Harwood John Ives.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
Live Meeting APIs Robert Devine Program Manager Microsoft Corporation.

Live Meeting APIs Robert Devine Program Manager Microsoft Corporation.
Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.

Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.
Talend 5.4 Architecture Adam Pemble Talend Professional Services.

Talend 5.4 Architecture Adam Pemble Talend Professional Services.
MX250 V3.0 Call Recording, Archive and Archive Viewer.

MX250 V3.0 Call Recording, Archive and Archive Viewer.
OFC302 Building Smart Document Solutions in Word & Excel Martin Sawicki Lead Program Manager.

OFC302 Building Smart Document Solutions in Word & Excel Martin Sawicki Lead Program Manager.
Migration XenDesktop 7. © 2013 Citrix | Confidential – Do Not Distribute Migration prerequisites Set up a XenDesktop 7 Site, including the site database.

Migration XenDesktop 7. © 2013 Citrix | Confidential – Do Not Distribute Migration prerequisites Set up a XenDesktop 7 Site, including the site database.
Submitted by: Madeeha Khalid Sana Nisar Ambreen Tabassum.

Submitted by: Madeeha Khalid Sana Nisar Ambreen Tabassum.
WebFOCUS Developer Studio Update Dimitris Poulos Technical Director September 3, 2015 Copyright 2009, Information Builders. Slide 1.

WebFOCUS Developer Studio Update Dimitris Poulos Technical Director September 3, 2015 Copyright 2009, Information Builders. Slide 1.
What’s new in agenTel 6.2 December 2009 The Voxtron Factory.

What’s new in agenTel 6.2 December 2009 The Voxtron Factory.
Configuration Management and Server Administration Mohan Bang Endeca Server.

Configuration Management and Server Administration Mohan Bang Endeca Server.

Similar presentations

Ads by Google