Audit Log by SIEM Connector


I have a question: is it possible to send the “Audit Log” of EDA appliances or the ECA console through the available SIEM Connector (CEF for ArcSight), or is the only way through the APIs?

The idea is to monitor any change made in the appliances, as seen in the “Audit Log” section.



All ExtraHop appliances (EDA/ECA/EXA/ETA) can natively send audit log data to a remote syslog server. ArcSight has a SmartConnector for ArcSight Common Event Format Syslog that may help with this.

That would be the recommended and simplest method to do this. We do not support sending appliance audit logs via triggers/ODS.