Connector Commands

Tip: Prerequisites for Connector Commands

If you plan to build and use Connector commands you need:

  • Access to relevant servers where the SmartConnectors are installed.

  • One or more of the associated SmartConnectors deployed and registered with the Manager to which your ArcSight Console is connected.

Test connectivity and authentication between your local machine, SmartConnectors, and appliances before setting up Connector integration commands.

Attribute

Description

Name

User-friendly Name for the command.

Group

Choose a group from the Group drop-down menu. Depending on which Group you select, relevant commands are provided in the next field (Command). Note that CounterACT is no longer supported, and therefore no relevant commands are displayed for it.

See Set Event Field in Rule Actions Reference.

Command

Choose a command from the drop-down menu. Depending on which Group you selected, relevant commands are provided here. Choose a Connector command from the drop-down list.

Note: In order to get the list of Connector commands, you need to have the SmartConnector deployed and registered with the Manager to which your ArcSight Console is connected.

Parameters

To define parameters for the command:

  1. Click the browse button to get the Parameters dialog.

    A table of name-value pairs is provided that represents the valid parameters for the given command.

  2. Select the parameters to use, and define values for them with either hard-coded values or Velocity Expressions.

    For example, you could define the Connector command Quarantine Node By IP Address to use three parameters; IP Address, Quarantine Period, and Overwrite Active Quarantine (a yes/no value set to 0 or 1, respectively).

    You could set the IP address to a Velocity Expression for attacker address, Quarantine Period could be set to 1 hour, and overwrite set to Yes.

    The Attributes list provides Velocity Expressions for all event fields along with options to add Console selections, dates, and channel start and end times as attributes.

  3. Click OK on the Parameters dialog to save your changes.

Tip: Entering data in the Common and Assign sections is optional, depending on how your environment is configured. For information about the Common and Assign attributes sections, as well as the read-only attribute fields in Parent Groups and Creation Information, see Common Resource Attribute Fields.