Step 1. Importing the ARB package

This section describes how to import the ARB package to ArcSight.

The ARB package contains objects (active channels, dashboards, field sets, reports, rules, filters, users) that are necessary for integrating the service with ArcSight. When you import this file, these objects are created in ArcSight.

To import the ARB package:

  1. Run ArcSight Console.
  2. In the Navigator pane (tree view), select the Packages tab.
  3. Click the Import button.

    ArcSight packages

  4. In the Open window, select the Kaspersky_CyberTrace_Connector.arb file, located in the integration directory.

    ARB file selection

    The import process will be performed.

    ARB import complete

After all objects from the ARB file are imported to ArcSight, all the imported rules are real-time rules, that is, they will be applied in real time.

To browse and manage the list of real-time rules:

  1. In the tree view, click the Resources tab.
  2. Open the Active Channels drop-down list and select Rules.
  3. In the tree, select Rules > Shared > All Rules > Real-time Rules.

    Real-time rules

  4. Expand Real-time Rules and remove unnecessary nested items from it.

After the ARB package is imported, new objects are created in ArcSight.

After the import is finished, make sure that the FwdCyberTrace user is created. To check, navigate to Users > Shared > Custom User Groups > Kaspersky CyberTrace Connector in ArcSight Console. If there is no FwdCyberTrace user, create it manually.

Page top