Integration with ArcSight
This guide helps Delinea customers integrate event data into ArcSight.
The Delinea Add-on for ArcSight normalizes Delinea events so that you can view Centrify Server Suite events in the ArcSight Console. For example, the payload for an event named "Run as role failure" looks like this:
Apr 19 17:19:46 member.centrify.vms dzagent[1404]: WARN AUDIT_TRAIL|Centrify Suite|DirectAuthorize - Windows|1.0|18|Run as role failure|7|user=dwirth@centrify.vms userSid=S-1-5-21-3883016548-1611565816-1967702834-1107 sessionId=3 centrifyEventID=6018 role=ROLE_SYSTEM_Archt/Global desktopguid=9766a262-c07b-4dbc-bad7-8a48d1fa3983 command=C:\\Program Files\\Centrify\\DirectManage Audit\\AuditManager\\Centrify DirectManage Audit Manager.msc reason=The user name or password is incorrect desktopname=Default networkroles=ROLE_SYSTEM_Archt/Global passwordprompted=True
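The sample payload above can be split into its syslog header, pipe-delimited event header and key=value extension before writing correlation rules against it. The following Python parser is an added example, not code from the Delinea add-on; the header field names (taken from CEF field order) and the reading of doubled backslashes as CEF-style escapes are assumptions.

```python
import re

# Event payload from the page, verbatim (raw strings keep the doubled backslashes).
SAMPLE = (
    r"Apr 19 17:19:46 member.centrify.vms dzagent[1404]: WARN AUDIT_TRAIL|Centrify Suite|"
    r"DirectAuthorize - Windows|1.0|18|Run as role failure|7|user=dwirth@centrify.vms "
    r"userSid=S-1-5-21-3883016548-1611565816-1967702834-1107 sessionId=3 "
    r"centrifyEventID=6018 role=ROLE_SYSTEM_Archt/Global "
    r"desktopguid=9766a262-c07b-4dbc-bad7-8a48d1fa3983 "
    r"command=C:\\Program Files\\Centrify\\DirectManage Audit\\AuditManager\\Centrify "
    r"DirectManage Audit Manager.msc reason=The user name or password is incorrect "
    r"desktopname=Default networkroles=ROLE_SYSTEM_Archt/Global passwordprompted=True"
)

SYSLOG = re.compile(r"^(?P<time>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
                    r"(?P<process>[^\[\s]+)\[(?P<pid>\d+)\]:\s(?P<level>\w+)\s(?P<body>.*)$")
# Assumption: header names follow CEF field order; the page does not name them.
HEADER = ("marker", "vendor", "product", "version", "event_id", "name", "severity")
# A value runs until the next " key=" or end of line, so values may contain spaces.
PAIR = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")

def parse_event(line):
    """Return a dict of syslog fields, header fields and an 'ext' dict of extensions."""
    m = SYSLOG.match(line.strip())
    if not m:
        raise ValueError("not a syslog line in the expected shape")
    # maxsplit keeps any '|' inside the extension part intact.
    parts = m.group("body").split("|", len(HEADER))
    if len(parts) != len(HEADER) + 1 or parts[0] != "AUDIT_TRAIL":
        raise ValueError("missing AUDIT_TRAIL header fields")
    event = {k: m.group(k) for k in ("time", "host", "process", "pid", "level")}
    event.update(zip(HEADER, parts))
    event["severity"] = int(event["severity"])
    # Assumption: CEF-style escaping in values (\\ -> \, \= -> =).
    event["ext"] = {k: re.sub(r"\\([\\=])", r"\1", v)
                    for k, v in PAIR.findall(parts[-1])}
    return event

if __name__ == "__main__":
    for key, value in parse_event(SAMPLE)["ext"].items():
        print(f"{key}: {value}")
```

Splitting on whitespace alone would break the `command` and `reason` values, which contain spaces; the lookahead for the next `key=` is what keeps them whole.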
This integration guide applies to the following ArcSight versions and Centrify Server Suite releases:
ArcSight Versions | Centrify Server Suite Releases
---|---
Enterprise Security Manager (ESM) 6.8.0 | 2016
ESM Console 6.8.0 | 2016.1, 2016.2, 2017, 2017.1, 2017.2, 2017.3
ArcSight Components
The following diagram illustrates the ArcSight components that interact with the Centrify Add-on for ArcSight: