After commands are configured, they are available in various contexts in the ArcSight Console.
For example, suppose you have a configuration for a set of commands with the contexts set as follows:
Location | Type | Selection | Data Type |
---|---|---|---|
Viewer | All Views | All Selections | IP Address |
This means that the given commands are available on right-click context menus on any view (for example, active channels, list views, chart views, dashboards, and so on). The user can select any row, cell, or area on a chart. In this context, only IP addresses can be provided as valid parameters to the command.
Open an active channel, session list, active list, dashboard, or other resource in the viewer that shows, for example, a suspicious device, machine, or user that you want to quarantine.
Find the row on the Viewer display that contains the suspicious entity, and select a cell in that row that contains the source IP address (for example, Attacker Address).
Right-click over the cell with the source IP address (for example, Attacker Address), and choose Integration Commands > Quarantine Node.
This launches the selected command, using the IP address for the selected cell as the parameter for the command.
In general, right-clicking in any context in the ArcSight Console UI for which integration commands have been configured shows all integration configurations.