csirtgadgets / massive-octo-spice

DEPRECATED - USE v3 (bearded-avenger)
https://github.com/csirtgadgets/bearded-avenger-deploymentkit/wiki
GNU Lesser General Public License v3.0

Integration with Arcsight #440

Closed diveshshah closed 8 years ago

diveshshah commented 8 years ago

Hi,

Can you please share a link or document on how we can integrate Arcsight SIEM with the CIF server?

Thanks, Divesh Shah

wesyoung commented 8 years ago

here are some older examples from CIFv1, probably very similar with CIFv2:

https://dfirjournal.wordpress.com/2012/04/28/cif-integration-with-arcsight/
https://dfirjournal.wordpress.com/2012/04/29/using-cif-to-create-content-for-arcsight-part-1/
https://dfirjournal.wordpress.com/2012/06/10/using-cif-to-create-content-for-arcsight-part-2/

for more see: http://csirtgadgets.org/

diveshshah commented 8 years ago

Hi,

Thanks for providing links. We will check and update if any issue comes.

Divesh Shah

From: "Wes" notifications@github.com
To: "csirtgadgets" massive-octo-spice@noreply.github.com
Cc: "diveshshah" divesh.shah@sequretek.com, "Author" author@noreply.github.com
Sent: Friday, August 12, 2016 5:19:39 PM
Subject: Re: [csirtgadgets/massive-octo-spice] Integration with Arcsight (#440)


devangraval007 commented 6 years ago

Hello,

Can you please guide me on how we can get the CIF API key and CIF API URL? And can you please tell me the default CIF user password?

Thanks, Devang Raval.

wesyoung commented 6 years ago

@devangraval007 if you're just starting out, you should be using CIFv3:

https://github.com/csirtgadgets/bearded-avenger-deploymentkit/wiki

the cif-tokens command will show you what you're looking for and the url will be https://localhost:5000/help to show you the REST routes.

see https://github.com/csirtgadgets/bearded-avenger-deploymentkit/wiki/Development-Guide