Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

ESM 6.9.1 Docker Image

This provides ArcSight ESM 6.9.1 in a docker container. Because ESM is not open source, this repository cannot include the binaries or license from HP. See instructions below for info on how to build and use this container.

Everything assumes the hostname is docker-esm; To change the hostname you'll need to edit a few of the provided answers files, and replace all "docker-esm" instances with your desired hostname.

How to build

Note that the installation requires at least 50Gb of storage free. Ensure that your build environment has enough space. It isn't actually used, however the installer verifies and will fail if <50G is free.

Additionally this has to be built in two layers, as the arcsight installer can't find the firstboot answers file. The only way I can get this to work is to split into two.

  1. Copy the ESM 6.9.1 binary from HP into midlayer/ArcSightESMSuite-
  2. Copy your license file into the midlayer/arcsight.lic
  3. Run "docker build -t midlayer ." in the midlayer folder
  4. Run "docker build -t mitchese/private:esm691 ." in the finallayer folder

How to run

  1. Run the following command: docker run -ti --name docker-esm -h docker-esm -p 8443:8443 mitchese/private:esm691

This will take a few minutes to startup (requires >4G of ram). After it is running, you can connect to https://docker-esm:8443/ with "admin" and "Happy123". All passwords in the container are set to my test password, Happy123.

How to connect connectors

For testing connector containers, you can provide a link in docker. Example

docker run --link docker-esm:docker-esm -ti mitchese/private:connector bash


Build Scripts for building ArcSight ESM in a docker container






No releases published


No packages published