Zones CSV File Format

Zones define functional parts of a network, such as a wireless LAN, private networks, or subnets. For example, the following network areas could be identified as a zone: the VPN, the DMZ, or an engineering network. Zones are identified with a contiguous block of addresses.

Caution: Each zone should specify a unique range of IP addresses. The IP addresses specified by zones should not overlap. If you import a zone that overlaps with a zone already specified on the ArcSight Manager and the new zone has a different name than the existing zone, the following occurs:

  • The new zone is created.

  • The existing zone is invalid and is displayed with the broken zone icon in the Console.

You can define a set of zones in ESM by batch loading zone definitions from a zones CSV file. Zones CSV files contain the columns listed in the table below. When a zones CSV file is selected for import, by default only the first fifteen rows of data are displayed in Select Column Headers for the Zone Data panel. However, when the data is imported into the ArcSight Manager, all the rows are imported. For more information, see Increasing the Number of Displayed Rows.

For the wizard to determine how to process the imported data, the type of each column must be specified. For more information, see Specifying CSV Column Types.

When the Next button is clicked in the Summary of Data to Import panel, the zone data is imported into the ArcSight Manager. The new zones are created in the /All Zones/Site Zones group. For example, if a zone called DMZPublic was specified in the imported zones CSV file, a new zone is created at the following URI: /All Zones/Site Zones/DMZ Public. The new zones are assigned to the default network called Local.

Zone CSV File Columns

Column Type

Description

Required Column?

Repeatable Column?

Example Value

Name

A descriptive name for the zone such as the purpose or geographical location.

Yes

No

DMZ Public

Start Address

The start of the range of IP addresses that defines the zone.

Yes

No

192.0.2.0

End Address

The end of the range of IP addresses that defines the zone.

Yes

No

192.0.2.24

Dynamic

Determines whether the devices defined in the zone use dynamic addressing:

  • true—devices in the zone use dynamic addressing (DHCP)

  • false—devices in the zone use static IP addressing

No

Default is false

No

false

Category URI

The asset category to assign to zone.

NOTE: The wizard does not create new categories. For the category to be assigned, it must already exist.

No

Yes

This column can be repeated because a zone can be categorized into more than one asset category.

/All Asset Categories/Site Asset Categories/Business Impact Analysis/Business Role/Service/Web/

Ignore

The column contains data that is not used by the Network Model wizard when creating zones. For example, this column could contain a description of the zone.

No

Yes

This zone defines the public subnetwork of the DMZ.

An Example of a Zones CSV File

Here is an example of the Zones CSV file:

HRZoneA,<Starting-IP-address>,<Ending-IP-address>,FALSE,/All Asset Categories/ArcSight System Administration/Databases/
IT Zone,<Starting-IP-address>,<Ending-IP-address>,TRUE,/All Asset Categories/ArcSight System Administration/Databases/