Configure the SIEM Tool Plugin for Integration between HP ArcSight and Bomgar Privileged Access
To begin configuration, launch the Middleware Administration Tool and click on the clipboard icon next to the plugin name.
The first portion of plugin configuration provides the necessary settings for communication between the plugin and the Bomgar Appliance. These fields are described in the Bomgar SIEM Tool Plugin Installation and Administration .
HP ArcSight Instance
The remainder of the plugin configuration provides the necessary settings for communication between the plugin and the HP ArcSight instance. The configuration settings include:
- Target SIEM System: Select HP ArcSight from the list.
- SIEM Syslog Host: Enter the hostname or IP address of the HP ArcSight instance that should receive messages.
- SIEM Syslog Port: Enter the port used by the HP ArcSight instance to receive syslog messages, usually port 1514.
- SIEM Syslog Protocol: Select the appropriate protocol from the list, usually UDP.
- Events to Process: Bomgar session data may contain many different event types. All types are available; however, only a subset may be desired in the SIEM tool. Select only the events you would like sent to HP ArcSight. Events matching unchecked event types are ignored.