Configure HP ArcSight for Integration with Bomgar Privileged Access

If desired, you can create a custom tool within the ArcSight Console that lets users Jump directly to an endpoint from an event entry. This approach uses Bomgar PA's Client Scripting API: the tool constructs a URL and opens it in your browser of choice, so no additional software is required. The URL instructs the Bomgar Appliance to generate and download a Bomgar console script file, which the access console runs to initiate the Jump session. To create the tool, follow the steps below.

HP ArcSight console showing the Tool dropdown menu and selecting the configure option

  1. In the ArcSight Console, click Tools > Local Commands > Configure.

    Shows the Tool prompt where you enter information such as Name, Program, etc. to help configure the integration

  2. Click New to create a new Local Command.

  3. In the Tool settings dialog, configure the tool as follows:

    Field Name            Field Value
    Name                  Access via Bomgar
    Program               [Browse to and select the executable (.exe) for your preferred browser]
    Working Directory     [The directory containing the executable for your preferred browser]
    Icon                  [Can be the default, tools_custom.gif, or any other image you choose]
    Program Parameters    https://<bomgar-hostname>/api/client_script?type=rep&operation=generate&action=start_jump_item_session&search_string=$selectedCell
    Show in toolbar       [Checked]
    Use with data export  [Unchecked]

  4. Click OK to create the tool and close the Configure Tools window.

    Shows a grid that lists the IP address and hostname of the endpoints found in Bomgar and the selection of an endpoint in HP ArcSight

  5. You can now right-click on any cell in the grid containing an IP address or hostname that matches an existing endpoint in the rep console to initiate a session.

Note: The Bomgar Appliance does not require any additional configuration or changes beyond those mentioned in the Bomgar SIEM Tool Plugin Installation and Administration.
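
The Program Parameters value in the tool settings passes the selected cell into the URL as-is, and grid cells can hold values taken from log data. The following is an added example, not Bomgar or ArcSight code: a hypothetical Python wrapper that accepts only an IP address or hostname and URL-encodes it before building the same client_script URL. The host name bomgar.example.com, the function names, and the idea of pointing the tool's Program field at such a wrapper are assumptions.

```python
import ipaddress
import re
import sys
import webbrowser
from urllib.parse import urlencode

# Constructed placeholder; replace with your appliance's hostname.
BOMGAR_HOST = "bomgar.example.com"

# One RFC 1123 hostname label: letters, digits, hyphens, no leading or
# trailing hyphen. Names with underscores are rejected by this pattern.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_endpoint_identifier(value: str) -> bool:
    """Return True if value is an IP literal or a well-formed hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    if not value or len(value) > 253:
        return False
    labels = value.rstrip(".").split(".")
    return all(_LABEL.fullmatch(label) for label in labels)


def build_jump_url(selected_cell: str, host: str = BOMGAR_HOST) -> str:
    """Build the client_script URL from the page for one grid cell value."""
    value = selected_cell.strip()
    if not is_endpoint_identifier(value):
        raise ValueError(f"not an IP address or hostname: {selected_cell!r}")
    # urlencode percent-encodes the value, so it cannot add or override
    # query parameters such as 'action'.
    query = urlencode({
        "type": "rep",
        "operation": "generate",
        "action": "start_jump_item_session",
        "search_string": value,
    })
    return f"https://{host}/api/client_script?{query}"


if __name__ == "__main__":
    # Assumed invocation: wrapper.py $selectedCell
    if len(sys.argv) != 2:
        sys.exit("usage: wrapper.py <ip-or-hostname>")
    webbrowser.open(build_jump_url(sys.argv[1]))
```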