ArcSight Integration

Integration with the ArcSight Enterprise Security Management (ESM) system and a Cloud Integration Point (CIP) enables Wi-Fi Cloud to send events to the designated ArcSight Server. The ArcSight Server is configured to accept messages that contain detailed event information in ArcSight Common Event Format (CEF). Wi-Fi Cloud requires the IP address or the host name and port on which the ArcSight Server receives events. You can also send audit log messages from Wi-Fi Cloud to an ArcSight Server.

To add an ArcSight server:

Open Manage.
Select Configuration > ESM Integration > ArcSight Integration.
Select the Enable ArcSight Integration check box.

Screen shot of ArcSight integration page in Manage

Click Add ArcSight Server.
Configure these options:

ArcSight Server IP Address / Hostname — IP address or host name of the ArcSight Server the Wi-Fi Cloud communicates with.
Port Number — Port number of the ArcSight Server to which data is sent.
CIP — If you use a Cloud Integration Point on your network, select a CIP-enabled WatchGuard AP that you want to use to communicate with Wi-Fi Cloud.
Enabled — Click this check box to enable CEF messages and audit logs generated by Wi-Fi Cloud to be sent to the ArcSight Server.
Forward Events — Send CEF messages to the ArcSight Server.
Forward Audit Logs — Send audit log messages to the ArcSight Server.

Screen shot of the ArcSight configuration in Manage

Click OK to save the changes.

Current Status displays the status of the ArcSight integration service.

Running — The service is running.
Stopped — The service has stopped.

If the host name of the server cannot be resolved, the status displays an error: "Cannot resolve hostname for one or more destination servers”.

© 2020 WatchGuard Technologies, Inc. All rights reserved. WatchGuard and the WatchGuard logo are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries. All other tradenames are the property of their respective owners.