Administrators can configure notifications, acknowledgments, and wait-time settings. The escalation time window or wait-time depends on the event's severity.
Note: If notifications and acknowledgments were disabled during Manager setup, mail server settings made through the ArcSight Console do not take effect until you re-run the Manager configuration wizard to enable notifications and acknowledgments on the Manager side.
To re-enable notifications settings, follow instructions in the ESM Administrator's Guide to:
1. Stop the ArcSight Console and Manager.
2. Re-run the Manager configuration wizard and enter settings for your SMTP server.
To change e-mail settings:
1. In the Notification resource tree, right-click a group and choose Settings, then Edit E-mail Settings.
2. In the Notification Editor, type in the following text fields:

| Notification Fields | Definition |
|---|---|
| From Address | The e-mail address from which the notification messages are sent. It is important that the "from address" specified is one that is not rejected by the SMTP server, since some SMTP servers reject unknown e-mail addresses. For notifications sent by cell phone, any cell phone must be e-mail enabled. |
| Outgoing Mail Server | The host name of the local outgoing mail server. This is the SMTP server ArcSight uses to send e-mail. The Outgoing Mail Server must be accessible from the ArcSight Manager for e-mail notifications to be sent. An SMTP server must be configured either at install time or set here. |
| Incoming Mail Server | The local incoming mail server host name. |
| Incoming Mail Protocol | Select either IMAP or POP3 mail protocols. |
| E-mail Account | The e-mail account name. For notifications sent by e-mail, you need to add an address to the e-mail Address field. |
| Account Password | Enter the password for the account. |
| Confirm Password | Re-enter the same password to confirm. |

Note: POP3 and IMAP can be used to check for e-mail acknowledgments. You can specify these options at install time, or set them here. For acknowledgments, the relevant fields are "incoming mail server," which is the POP/IMAP server to check for e-mail; "incoming mail protocol," which is either POP3 or IMAP; and "account" and "password," which are the login name and password used to access the mailbox on the incoming mail server. Replies to mail sent from the notification "from address" should reach the mailbox accessible to the "account" login.

3. Type the E-mail Account password in the Password text field and confirm it in the Confirm Password text field.
4. Click OK.
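
Before saving these settings, you can confirm from the Manager host that the Outgoing Mail Server is reachable and accepts the From Address. The following pre-flight check is an added example, not part of the ArcSight documentation or product; it assumes plain SMTP on port 25 without STARTTLS or authentication, and the host name, address, and `helo_name` parameter are placeholders chosen for illustration.

```python
import smtplib

def probe_sender(host, from_addr, port=25, timeout=10, helo_name=None):
    """Check the two conditions the From Address and Outgoing Mail Server
    fields depend on: the server is reachable from this host, and it
    accepts from_addr as the envelope sender. Returns (ok, detail)."""
    try:
        with smtplib.SMTP(host, port, local_hostname=helo_name,
                          timeout=timeout) as smtp:
            smtp.ehlo_or_helo_if_needed()
            code, reply = smtp.mail(from_addr)  # issues MAIL FROM only
            smtp.rset()  # abandon the transaction; no message is sent
    except OSError as exc:  # smtplib.SMTPException is a subclass of OSError
        return False, f"cannot reach or talk to {host}:{port}: {exc}"
    text = reply.decode(errors="replace")
    if 200 <= code < 300:
        return True, f"{code} {text}"
    return False, f"sender rejected: {code} {text}"

if __name__ == "__main__":
    # Placeholder values (assumptions): substitute the Outgoing Mail Server
    # and From Address you intend to enter in the Notification Editor.
    ok, detail = probe_sender("smtp.example.internal",
                              "esm-notify@example.internal")
    print("OK" if ok else "FAIL", detail)
```

Some SMTP servers defer sender validation until a recipient is given or require authentication first, so a passing result shows reachability and initial acceptance only.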
To change wait time settings:
The default wait-time values for Very-High severity and High severity are set at 5 minutes, Medium is set for 30 minutes, and Low is set for 2 hours.
1. In the Notification resource tree, right-click a group and choose Settings, then Edit Escalation Wait Time.
2. In the Notification Editor, type in the wait time for the hour (Hr) and minute (Min) text fields for Very-High, High, Medium, or Low severity.
3. Click OK.