Integration with Recon requires specific browser versions. See the ESM Support Matrix for details.
If a Recon deployment is available, you can create target parameters then execute commands to run a search. You can run searches:
By Source and Destination
By Vendor and Product
Where: Navigator > Resources > Integration Commands
Configure target with target parameters:
/All Integration Targets/ArcSight Administration/Recon.Right-click Recon 1 and select Edit Target.
The target's Edit panel opens.
Click the Add icon and add the first parameter using the following:
Parameter name = Host
Type = Text (the default)
Value = Enter the host information for Recon
Click the Add icon again and add the second parameter using the following:
Parameter name = Port
Type = Text (the default)
Port = 443, the default port for Recon. If using a different port, enter it here.
Run the search commands:
In the popup, select a type of Recon Search command:
By Source and Destination
or
By Vendor and Product
Select a target, then click OK to close the popup.
Note: If you did not perform the previous set of steps in Configure target with target parameters:, you are next prompted in another popup to enter the IP address for the Recon host. In the same popup, you have the option to save this IP address parameter to the target. See Entering/Saving Command Parameters at Runtime for information.
Your preferred browser launches the Recon Search page.
Note: On the Recon page, the time range for the search is the last 30 minutes by default, which may not yield any search results. If necessary, edit the active channel by changing the Start Time and End Time values for your search.
See Creating or Editing an Active Channel for details on setting those values.
See also Running Recon Searches.