User Manual Part 5
Administration Tab
SpectraGuard® Enterprise User Guide
246
The Enterprise Security Management (ESM) Integration screen allows configuration of various ESM integrations that
collect, analyze, and display events.
The system integrates with ArcSight’s Enterprise Security Management (ESM) infrastructure by sending events to the
designated ArcSight server. The ArcSight server is configured to accept syslog messages having detailed event
information in ArcSight’s Common Event Format (CEF). The system needs the IP Address or the hostname and the
port on which the ArcSight server receives events.
ArcSight ESM Server
ArcSight Integration Status: If ArcSight integration is enabled, the system sends messages to the configured
ArcSight servers. Otherwise, ArcSight integration services are shut off.
If you select ArcSight Integration Enabled, you can manage ArcSight servers. The system enables
ArcSight Integration by default.
Current Status: Displays the Current Status of the ArcSight Integration: Running or Stopped. An Error
status is shown in one of the following cases:
One of the configured and enabled ArcSight servers has a hostname, which cannot be resolved
System server is stopped
Internal error, in which case you need to contact Technical Support
Adding an ArcSight Server
Under ArcSight Servers, click <Add>to open to ArcSight Configuration dialog where you can add ArcSight
server details.