This section provides information to help you solve problems you might encounter when using Kaspersky CyberTrace with ArcSight.
If you encounter a problem while using Kaspersky CyberTrace, the specialists at Kaspersky can assist you. Contact your technical account manager (TAM) for more information about solutions to problems.
Problem: ArcSight does not display the events from Feed Service or displays them incorrectly
To solve this problem, try the following actions:
For this purpose, run the following command:
%ARCSIGHT_HOME%/current/bin/runagentsetup.sh (in Linux)
%ARCSIGHT_HOME%\current\bin\runagentsetup.bat (in Windows)
Here %ARCSIGHT_HOME% is the directory where ArcSight SmartConnector is installed.
Problem: An active channel does not display events after a new ARB package is imported
To solve this problem, try the following actions:
Check the filter used in the active channel:
The device product field has the value of Kaspersky CyberTrace for ArcSight.
Create a new active channel:
Set the Start Time and End Time parameters as you wish.
Set the Use as Timestamp parameter to Manager Receipt Time.
.You can find available fields in the tree view of ArcSight Console, at the Field Sets > Shared > All Field Sets > Public > Kaspersky CyberTrace Connector location when the Field Sets item is selected in the drop-down box.
Problem: Feed Service does not receive events from ArcSight
To solve this problem, try the following actions:
You can use the ping utility for this purpose.
You can use the netcat utility for this purpose.
In Linux, you can use the following command for this purpose:
ps -Af | grep %DIR_NAME%/current/bin
Here %DIR_NAME% is the directory in which the forwarding connector is installed. If the forwarding connector process is running, the information about it will be displayed in the console.
%ConnectorInstallDir%/current/bin/runagentsetup.sh
Here %ConnectorInstallDir% is the directory in which ArcSight Forwarding Connector is installed.
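The ps and grep check for the forwarding connector process shown above usually also lists the grep process itself, because the directory name appears in its own command line. The following script is an added example, not part of the Kaspersky or ArcSight documentation, that filters out that self-match; the /opt/arcsight/fwd path and the sample ps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. The install path and the ps lines are constructed.

# connector_pids DIR
# Reads `ps -Af` output on stdin and prints the PID of every process whose
# command line contains DIR/current/bin, skipping the grep or awk process
# that performs the search itself.
connector_pids() {
    awk -v needle="$1/current/bin" '
        $2 == "PID" { next }                      # header line
        {
            # Fields 1-7 are UID PID PPID C STIME TTY TIME; the rest is CMD.
            cmd = ""
            for (i = 8; i <= NF; i++) cmd = cmd " " $i
            if (index(cmd, needle) == 0) next     # literal match, no regex
            if ($8 ~ /(^|\/)(grep|awk)$/) next    # the search tool itself
            print $2
        }'
}

# connector_running DIR: exit status 0 if at least one connector process exists.
connector_running() {
    [ -n "$(connector_pids "$1")" ]
}

# Constructed sample of `ps -Af` output, including the grep self-match.
sample_ps() {
    cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:00 ?        00:00:02 /sbin/init
arcsight  4211     1  0 09:01 ?        00:00:00 /bin/sh /opt/arcsight/fwd/current/bin/arcsight agents
admin     9120  9001  0 11:30 pts/0    00:00:00 grep /opt/arcsight/fwd/current/bin
EOF
}

# Stopped connector: only the grep line mentions the directory.
sample_ps_stopped() {
    sample_ps | awk '$2 != "4211"'
}

DIR_NAME=/opt/arcsight/fwd   # hypothetical install directory
echo "naive grep match count: $(sample_ps | grep -c "$DIR_NAME/current/bin")"
echo "connector PIDs: $(sample_ps | connector_pids "$DIR_NAME")"
# On a live host: ps -Af | connector_pids "$DIR_NAME"
```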