Integrating ArcSight with Enterprise Ticketing Systems P2.ppt

Uploaded by randoidzero, 26 slides, Sep 16, 2025

www.hp.com © 2014 HP Confidential 1
Integrating ArcSight with
Enterprise Ticketing Systems
Dhiraj Sharan
Senior Software Engineer

Agenda
►Enterprise System Integration
•Options Available in the ArcSight Manager
►Enterprise Ticketing Integration deep dive:
Export to External System
•How Export to External System works
►Need for an Enterprise System Connector
►Case Study: ArcSight Remedy Connector
•Introduction to Remedy Action Request System
•Architecture of ArcSight Remedy Connector
•Mapping the Schema between Remedy and ArcSight
•Installation and Configuration

Options Available for Enterprise System
Integration with the ArcSight Manager
1. Export to External System
•Export/import of XML files done by the Manager
2. Archive Tool
•Externally launched command line client to export/import XML
files from the Manager
3. External Scripts
•Launch external scripts from Rule Actions or interactively from
Console Tools

Options Available for Enterprise System
Integration with the ArcSight Manager
4. SMTP
•Send email notifications from Rule Actions
5. SNMP
•Send SNMP traps from the Manager
6. Enterprise System Connector
•Native integration

Export to External System

Export to External System at the User Level
►Export to External System of Event
►Export to External System of Case
1. User Driven: right click on Event in Console
2. Automated: from Rule Action
3. User Driven: right click on Case in Console
4. Automated: via Case Search Group

1. User Driven
Export to External System of Event
Right click on Event in Console —> Export —> External Event Tracking System

2. Automated
Export to External System of Event
Automated Export to External System from Rule Action

3. User Driven
Export to External System of Case
Right click on Case —> Export —> External Event Tracking System

4. Automated
Export to External System of Case
Automated Export to External System from Case Search Group

server.properties
# ------------------------------------------------------------
# External Ticket System Configuration
# ------------------------------------------------------------
# Interval, in seconds, at which data is exported to external
# trouble ticket systems.
external.export.interval=60
# The Case Search Group that should be used for automatically
# exporting events of cases that fall in the search criteria.
#external.export.querygroup.uri=/All Cases/All Cases/Export Cases
# Upper limit on number of cases to be exported from the query
# group in one export cycle.
external.export.querygroup.max=100

Tracking Event Exports via Cases
►Purpose: audit Export to External System
►A Case gets created behind the scenes in /All Cases/System Cases if the export was for an Event instead of a Case
•Export to External System from Console UI right click on an Event
•Export to External System from Rule Action
►So an umbrella Case always exists for ANY export

Export to External System: Export as XML File
►Periodic export/import every 60 seconds (default)
►Cases and their events are exported in archive
XML format
►Archive file exported to archive/exports directory
―ExternalEventTrackingData_<timestamp>.xml
►Archive imports checked from archive/imports directory
―ExternalEventTrackingData_<timestamp>.xml
►DTDs of XML files available in schema/xml/archive
directory on Manager

Agenda Refresher
►Enterprise System Integration
•Options Available in the ArcSight Manager
►Enterprise Ticketing Integration deep dive:
Export to External System
•How Export to External System works
►Need for an Enterprise System Connector
►Case Study: ArcSight Remedy Connector
•Introduction to Remedy Action Request System
•Architecture of ArcSight Remedy Connector
•Mapping the Schema between Remedy and ArcSight
•Installation and Configuration

Enterprise System Connector

Need for a Custom Connector
To link archive XML with External Ticketing System
[Diagram: ArcSight Manager -> Export to External System (common ArcSight standard for ticketing integration) -> Enterprise System Connector (custom connector for a specific external ticketing system) -> External Ticketing System]

ArcSight Remedy Connector

BMC Remedy Action Request System (ARS)
►ARS is an Application Builder but NOT an Application
►ARS builds Service Applications in a request-centric,
forms-driven, Workflow-based architecture
►ARS Integration Method
•Remedy ARS API library
•Remote API Protocol : Sun RPC
►Use Case for the current ArcSight Remedy Connector
•Use Remedy as a ticketing interface instead of ArcSight Cases

Case Study: ArcSight Remedy Connector
►ArcSight Remedy Connector is a broker between
ArcSight Manager and Remedy ARS
•Remedy ARS server connection
―Uses Remedy ARS API library
―ARS API Protocol: Sun RPC
•ArcSight Manager connection
―Uses XML file based protocol from Export to External System feature
―Runs as a service on the ArcSight Manager machine
►Watches for manager exported files in archive/exports
►Parses Archive XML and prepares data to submit
to Remedy form
►Near real-time data transfer (default 60 seconds)

Architecture: ArcSight Remedy Connector
[Diagram: on the ArcSight Manager server, the ArcSight Manager and the ArcSight Remedy Connector exchange Archive XML files (export/import); the Connector talks to the Remedy ARS Server over the ARS RPC protocol; the Remedy ARS Server fronts the Remedy Database and the Remedy Web Server used by the Remedy User and the Remedy Administrator]

Versions and Platforms
►ArcSight Remedy Connector
•Current Release: 3.0.4
•Platforms: Windows, Solaris, Redhat Linux
►Supported ArcSight Manager Versions
•Same Connector supports Manager versions 2.5, 3.0, 3.5
•Connector independent of Manager versions as long as Archive
XML schema remains same
►Supported Remedy ARS Versions
•Connector tested with Remedy ARS versions 5.1 to 6.3
•Future Remedy ARS versions maintain backward compatibility
with Remedy ARS APIs used by Connector

Data Flow: ArcSight Remedy Connector
[Diagram: ArcSight Console -> ArcSight Manager -> ArcSight XML Archive -> ArcSight Remedy Connector -> Remedy ARS Server, and back]
1. Manual or automatic Export to External System of Cases and Events
2. Case and Event data exported to the XML file
3. Remedy Connector parses the XML data
4. Ticket created in Remedy
5. Remedy Ticket ID and Status reported back to the Remedy Connector
6. Remedy Ticket ID and Status put as Archive XML file for updates
7. Remedy Ticket ID and Status imported by the Manager

Two-way Integration
►Connector brings the Remedy Ticket Number back to
ArcSight
•Stored in Case External ID attribute
►Connector tracks Remedy Ticket Status changes and
brings the STATUS back to ArcSight
•Configure which Case attribute should hold Status
►Sends ticket number and status to the manager via XML
file in archive/imports directory
►Other fields not synchronized in the current Connector Use Case
►Connector can be modified to synchronize other fields
too since the Archive XML interface supports it

Defining the ArcSight Form in ARS

Mapping ArcSight Schema to Remedy Schema
►Remedy Schema
•Every Remedy App is unique with its own fields
•Define fields as per the ArcSight Event attributes desired
►ArcSight Schema
―Choose the ArcSight Event attributes to send to Remedy
►Mapping ArcSight and Remedy Schema
―Configured in config/arcremedyclient.properties in the Connector
►Note
•Only the chosen Event fields are transferred to Remedy
•Case fields are not transferred in the current Use Case
# ------------------------------------------------------------
# Remedy field mappings for uplink (from arcsight to remedy)
# ------------------------------------------------------------
# Set the name of the remedy form the arcsight remedy client
# should submit event data to.
remedy.event.form=ArcSight Ticket
# Set the number of fields in the form
remedy.event.form.fields=3
# Set the remedy field names to arcsight attribute names mapping
remedy.event.form.field[0].name=TicketName
arcsight.event.attribute[0].name=name
remedy.event.form.field[1].name=IncidentTime
arcsight.event.attribute[1].name=endTime
remedy.event.form.field[2].name=ReportDevice
arcsight.event.attribute[2].name=deviceAddress
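The round trip that the "Export as XML File", "Data Flow", "Two-way Integration" and schema-mapping slides describe, condensed into one runnable Python script. This is an added example, not code from the HP connector. The properties text is the mapping shown on this slide; everything else is a constructed assumption: the flat `<archive>/<case>/<event>` XML layout is a stand-in for the real archive DTD (which the slides only say lives in schema/xml/archive on the Manager), `submit_to_remedy()` is a stub for the ARS RPC call, the `INC000001` ticket format and the `ticketStatus` attribute are invented, and the export file name's timestamp is assumed numeric because the slide gives no format.

```python
"""Simulated one export cycle of the ArcSight Remedy Connector.

Added example, not the HP connector's code. The archive XML layout, the
ticketStatus attribute and submit_to_remedy() are constructed assumptions.
"""
import re
import xml.etree.ElementTree as ET

# Mapping section as shown on the slide (config/arcremedyclient.properties).
MAPPING_PROPERTIES = """\
# Remedy field mappings for uplink (from arcsight to remedy)
remedy.event.form=ArcSight Ticket
remedy.event.form.fields=3
remedy.event.form.field[0].name=TicketName
arcsight.event.attribute[0].name=name
remedy.event.form.field[1].name=IncidentTime
arcsight.event.attribute[1].name=endTime
remedy.event.form.field[2].name=ReportDevice
arcsight.event.attribute[2].name=deviceAddress
"""

# Constructed export file. The real archive DTD lives in schema/xml/archive on
# the Manager; this flat <case>/<event> layout is a stand-in, not that schema.
EXPORT_XML = """\
<archive>
  <case uri="/All Cases/System Cases/Export 1" externalID="">
    <event name="Brute force login" endTime="2014-03-01T10:15:00Z" deviceAddress="10.0.0.5"/>
  </case>
  <case uri="/All Cases/All Cases/Export Cases/Web attack" externalID="">
    <event name="SQL injection attempt" endTime="2014-03-01T10:16:30Z" deviceAddress="10.0.0.9"/>
  </case>
</archive>
"""

# Slide: archive/exports/ExternalEventTrackingData_<timestamp>.xml. The
# timestamp format is not given, so a numeric value is assumed here.
EXPORT_NAME = re.compile(r"^ExternalEventTrackingData_(\d+)\.xml$")


def is_export_file(name):
    """True when a file name matches the Manager's export naming convention."""
    return EXPORT_NAME.match(name) is not None


def parse_properties(text):
    """Minimal Java .properties reader: key=value, '#' comments, blank lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def load_mapping(props):
    """Pair remedy.event.form.field[i].name with arcsight.event.attribute[i].name."""
    count = int(props["remedy.event.form.fields"])
    return [
        (props[f"remedy.event.form.field[{i}].name"],
         props[f"arcsight.event.attribute[{i}].name"])
        for i in range(count)
    ]


def build_ticket_payloads(xml_text, mapping):
    """For every exported event, copy only the mapped attributes into Remedy fields.

    Case fields are deliberately not copied (slide: only the chosen Event fields
    go to Remedy). Files in archive/exports are untrusted input to the connector:
    the stdlib parser does not fetch external entities, but the directory should
    be writable only by the Manager and the connector's service account.
    """
    root = ET.fromstring(xml_text)
    payloads = []
    for case in root.iter("case"):
        for event in case.iter("event"):
            fields = {remedy: event.get(arcsight) for remedy, arcsight in mapping}
            payloads.append((case.get("uri"), fields))
    return payloads


def submit_to_remedy(form, fields, sequence):
    """Stub for the ARS API call (Sun RPC in the real connector); assumed ID format."""
    return f"INC{sequence:06d}", "New"


def build_import_xml(results):
    """Downlink file for archive/imports: ticket ID goes into the Case External ID
    attribute, status into a (here assumed) ticketStatus attribute."""
    root = ET.Element("archive")
    for case_uri, ticket_id, status in results:
        ET.SubElement(root, "case", uri=case_uri, externalID=ticket_id,
                      ticketStatus=status)
    return ET.tostring(root, encoding="unicode")


def run_cycle(export_xml=EXPORT_XML, properties=MAPPING_PROPERTIES):
    """One 60-second cycle: parse mapping, map events, 'create' tickets, write back."""
    props = parse_properties(properties)
    mapping = load_mapping(props)
    results = []
    for seq, (case_uri, fields) in enumerate(build_ticket_payloads(export_xml, mapping), 1):
        ticket_id, status = submit_to_remedy(props["remedy.event.form"], fields, seq)
        results.append((case_uri, ticket_id, status))
    return results, build_import_xml(results)


if __name__ == "__main__":
    tickets, import_xml = run_cycle()
    for case_uri, ticket_id, status in tickets:
        print(f"{case_uri} -> {ticket_id} ({status})")
    print(import_xml)
```

Both directories are trust boundaries in this design: anything dropped into archive/exports becomes a Remedy ticket, and anything dropped into archive/imports rewrites Case attributes on the Manager, so file permissions on both should be limited to the Manager and the connector's service account. The Remedy username and password the connector takes as command-line parameters (see the installation slides) are visible in process listings on a shared host, which is a further reason to run the service under a dedicated account.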

Installation/Configuration
►Extract the ArcSightRemedyClient.3.0.4.zip file
►Running from command line:
•bin/arcremedyclient <params>
•Daemonized version: bin/arcremedyclientsvc <params>
►Parameters
•ArcSight Manager installation directory path, Remedy Username,
Remedy Password, Remedy Servername, Remedy Port

Installation/Configuration
►Setup to run as a Service
•Windows
―bin/arcremedyclientsvc -i
•Solaris/Linux
―startup/solaris/runAsRoot -i
―/etc/init.d/arcremedyclient service configuration and startup script
►Set JAVA_HOME to use the ArcSight Manager’s JRE
►Schema mapping and other configuration
―config/arcremedyclient.properties
►Troubleshooting
―logs/arcremedy.log