Set up your ServiceNow AI Platform instance for the ArcSight ESM event ingestion integration
This section lists the setup tasks that you must complete in your ServiceNow AI Platform® instance before installing the application from the ServiceNow Store.
Before you begin
Role required: admin
About this task
Refer to the following table and verify that you have completed all the listed tasks before you download and install the application to ensure a smooth installation and configuration.
| Setup task | Description |
|---|---|
| Verify that you have assigned the required ServiceNow AI Platform® and Security Incident Response (SIR) roles. | The following roles are required for the installation, setup, and use of the integration in your ServiceNow AI Platform® instance. For more information about roles and assigning roles to users, see Roles on the ServiceNow Product Documentation website. |
| Verify that you are using version 7.0.0.2436 or later of the ArcSight ESM Manager. Earlier versions are not supported. | If you have access to the ArcSight ESM Query Viewer, you have access to the API that is required for this integration. There is no other special setup required for the API. |
| Set up the Query Viewer in ArcSight ESM. | Before you can ingest correlation events, you must configure the Query Viewer in the ArcSight ESM console. See Set up the ArcSight ESM Query Viewer for details. |
| Optional: Create custom stages in ArcSight ESM for correlation event updates. | A correlation event goes through many stages in its life cycle before it is closed. ArcSight ESM provides default stages like Initial, Monitoring, Queued, and Closed. Some of these stages require user inputs but other stages are automatically applied to the event without any user intervention (the User Required field is unchecked in the ArcSight ESM console). You can create custom stages that do not require any user intervention and use them in your ServiceNow AI Platform® instance. See Additional options: Automate correlated event updates and closure based on SIR incident status for details. |
| Verify that you have installed and configured a MID Server Application. | A MID Server in your ServiceNow AI Platform® instance is required to connect to the ArcSight ESM service if the ArcSight ESM server is deployed within your corporate network. See Install and configure the ServiceNow application for the ArcSight ESM Event Ingestion integration for instructions on how to configure a MID Server Application. See MID Server for information about MID Servers. If you are using a hosted or cloud service that is Internet accessible, a MID Server is not required. |
| Verify that the ServiceNow core applications that are required to support the integration are installed and activated before you install the application for the integration. | Verify that the following Security Operations applications are installed and activated from the ServiceNow Store. If not installed, install and activate one application at a time in the following order to ensure a smooth installation. For more information about installing the Security Operations core applications, see Get entitlement for a Security Operations product or application and Activate a ServiceNow Store application. |
What to do next
You have successfully set up your ServiceNow AI Platform® instance for the integration. The next step is to install the ArcSight ESM Security Event Ingestion for Security Operations application from the ServiceNow Store for the integration.