I do not have access to ArcSight, so I'm afraid I can only provide rudimentary advice.
The Splunk parser could definitely be used as a "template" to create your ArcSight parser. There is also a "generic" and a "snort" parser included as well.
The concept is the same for all though. Read the email body, and create a data structure for an Alertgroup then return that.
Hello,
The sample parser modules in SCOT's /opt/scot/lib/Scot/Parser/ do not include one for ArcSight.
Can I adapt the parser from splunk.pm?
Do I need to make a change to the "parse_message" function?
Thanks