Network Tools as Integration Commands
The following standard network tools are also provided as integration commands. You can find this toolset in /Integration Commands/Shared/ArcSight System/Tools/
. You can edit these or add new commands, configurations, and contexts as described in Defining Commands and Using Configurations to Group Commands. (Also see Using the Network Tools)
With network tools integration commands you can:
-
Define contexts for where tools show up on the ArcSight Console. You can customize integrated network tools and configure them for all types of views (charts, graphs, tables), and in the navigator, editors, and so on. Legacy network tools are available only on grid views; you cannot define the context.
-
Select and run commands on navigator tree items, all types of views, and editors items. With integrated network tools, you can select various items in chart and graph views, on the editors, and in the navigator tree. Legacy network tools are limited to running only on the selected cell in a grid view (table) in the Viewer.
-
Configure access control lists (ACLs). You can grant or limit access to integrated network tools commands for particular user groups by setting the setting ACL permissions on the tools resource group. The integrated network tools reside under
/All Integration Configurations/ArcSight System/Tools
. UnderTools
, the network tools are further grouped intoLinux
andWindows
.You can control access to the tools commands and configurations groups (select the Tools group, right-click, and choose Edit Access Control) as described in Granting or Removing Resource Permissions. You can organize users and the tools themselves into various groups to fit with the permissions scheme you want to create.
Tree
Resource
Nslookup
Resolves an IP address to a host or domain name, or the reverse.
Notes:
-
For the Linux version of this command, Nsookup(Linux) is for IPv4 address or hostname, and Nslookup-IPv6 (Linux) is for IPv6 address or hostname.
-
For the Windows version of this command, Nslookup (Windows) works for both IPv4 and IPv6 addresses or hostnames.
Ping
Determines whether a particular IP address is online and/or it tests and debugs a network by sending a packet and waiting for a response.
Notes:
-
For the Linux versions of this command, Ping (Linux) is for use in an IPv4 network, and Ping6 (Linux) is for use in an IPv6 network.
-
For the Windows version of this command, Ping (Windows) works for both IPv4 and IPv6 networks.
PortInfo
Lists standard usage such as WWW or FTP, for a specified port number.
Note: This command works in both IPV4 and IPv6 networks.
Traceroute
Shows the path from the ArcSight Console to the IP address selected in the grid view, reporting the IP addresses of all routers in between.
Note: This command works on both IPV4 and IPv6 addresses.
WebSearch
Search the Web through Google to find links to the keywords present in currently selected active channel grid view cells.
Note: This command works in both IPV4 and IPv6 networks.
Whois
Looks up who is behind a given domain name; information might include addresses and telephone numbers.
Note: This command works in both IPV4 and IPv6 networks.
-
These are configured with default Velocity Expressions for parameters. You can edit the commands and configurations for these network tools as needed (and add new ones).
To run a network tool, select an IP address in a grid view (for example, active channel, list, data monitor) and select Integration Commands > <Network Tool> from the context menu (for example, Integration Commands > ping).
Note: The Send Logs command is not configured as an integrated command. See Using the Network Tools and Send Logs for information on that command.
To add or reconfigure legacy tools:
-
Choose Tools > Local Commands > Configure.
-
Select a tool and click Edit.
Keep in mind that they have limitations compared to the new tools.