ArcSight ESM is a market-leading solution for collecting, correlating, and reporting on security event information. This integration with ArcSight ESM enables you to automate the ingestion of correlated events from ArcSight and improve the ability to automate the creation of security incidents in the ServiceNow platform through dynamic mapping.
This integration includes the following key features:
- Create multiple event profiles in your Now Platform instance that permit you to ingest and select sample fired correlated events.
- Map ArcSight fired correlated event values to the associated SIR security incident fields with dynamic drag-and-drop mapping.
- Aggregate (append) fired correlated events to existing security incidents when you determine that the new correlated events are related to existing security incidents.
- Validate your mapping with a preview of the event values in a security incident. You can modify the fields if you are not satisfied with the mapping.
- Retrieve historical events with the one-time retrieval feature, or schedule and ingest ongoing, future alerts at configurable intervals.
Fixed:
- Issue related to the configuration item mapping.
The Security Incident Response Dependency plugin (com.snc.si_dep) is required. This plugin automatically installs all the dependencies required to support the Security Incident Response product. Install and activate this plugin before installing and activating the other Security Operations applications required by the integration.
Verify that the following Security Operations applications are installed and activated from the ServiceNow Store. If any are not installed, install and activate them one at a time in the order listed below to ensure a smooth installation.
- Security Incident Response
- Event and Alert Ingestion for Security Operations (com.snc.secops.event_ingestion)