This section describes possible schemes for integrating ArcSight products with Kaspersky CyberTrace.
About the components of the standard integration scheme
The following components are used in the integration schemes for ArcSight:
This SIEM system is used in this integration.
This component runs only on Linux.
This ArcSight component sends ArcSight events to Kaspersky CyberTrace Service.
This component runs only on Linux.
This service matches ArcSight events against Kaspersky Threat Data Feeds.
This ArcSight component sends events generated by Kaspersky CyberTrace Service to ArcSight.
These are sources of the events for ArcSight, such as firewalls, proxies, intrusion detection systems, and other networking devices. Security controls can send events to ArcSight via any method supported by ArcSight.
ArcSight ESM, ArcSight Forwarding Connector, ArcSight SmartConnector, and Kaspersky CyberTrace Service can be installed on various servers according to the schemes described below. To reduce the impact on performance, we recommend installing ArcSight ESM on a separate server, without ArcSight Forwarding Connector, ArcSight SmartConnector, and Kaspersky CyberTrace Service.
The figures in the following sections show some of the possible integration schemes.
Two-computer installation (suggested integration)
The figure below depicts ArcSight ESM and Forwarding Connector installed on one computer, and Kaspersky CyberTrace Service and SmartConnector installed on another.
Figure: Two-computer installation (suggested integration)
Two-computer installation (second suggested integration)
The figure below depicts ArcSight ESM installed on one computer, and Forwarding Connector, Kaspersky CyberTrace Service, and SmartConnector installed on another. This scheme is applicable only if Kaspersky CyberTrace runs on Linux; otherwise, use another installation scheme.
Figure: Two-computer installation (second suggested integration)
Two-computer installation (third suggested integration)
The figure below depicts Kaspersky CyberTrace Service installed on one computer, and SmartConnector, ArcSight ESM, and Forwarding Connector installed on another.
Figure: Two-computer installation (third suggested integration)
Three-computer installation
The figure below depicts ArcSight ESM installed on one computer, Forwarding Connector installed on another, and Kaspersky CyberTrace Service and SmartConnector installed on a third.
Figure: Three-computer installation