This section describes possible schemes for integrating ArcSight products with Kaspersky CyberTrace.
About the components of the standard integration scheme
The following components are used in the integration schemes for ArcSight:
ArcSight ESM: This SIEM solution is used in this integration.
ArcSight Forwarding Connector: This ArcSight component sends ArcSight events to Feed Service.
Feed Service: This service matches ArcSight events against Kaspersky Threat Data Feeds.
ArcSight SmartConnector: This ArcSight component sends events generated by Feed Service to ArcSight.
Security controls: These are sources of events for ArcSight such as firewalls, proxies, intrusion detection systems, and other networking devices. Security controls can send events to ArcSight via any method supported by ArcSight.
ArcSight ESM, ArcSight Forwarding Connector, ArcSight SmartConnector, and Feed Service can be installed on the same computer or connect over a network. ArcSight ESM and ArcSight Forwarding Connector run on Linux®, so they must be installed separately from Feed Service.
The figures in the following sections show some of the possible integration schemes.
Single-computer installation
The figure below depicts all four components installed on a single computer.
[Figure: Single-computer installation]
Two-computer installation (suggested integration)
The figure below depicts ArcSight ESM and Forwarding Connector installed on one computer, and Feed Service and SmartConnector installed on another.
[Figure: Two-computer installation (suggested integration)]
Two-computer installation (second suggested integration)
The figure below depicts ArcSight ESM installed on one computer, and Forwarding Connector, Feed Service, and SmartConnector installed on another.
[Figure: Two-computer installation (second suggested integration)]
Two-computer installation (third suggested integration)
The figure below depicts Feed Service installed on one computer, and SmartConnector, ArcSight ESM, and Forwarding Connector installed on another.
[Figure: Two-computer installation (third suggested integration)]
Three-computer installation
The figure below depicts ArcSight ESM installed on one computer, Forwarding Connector installed on another, and Feed Service and SmartConnector installed on still another.
[Figure: Three-computer installation]