PMS integration with ArcSight ESM (SIEM)


PMS integration with ArcSight ESM (SIEM)

We are running PMS10.20 on Windows 2008R2 and are deploying ArcSight ESM for central log management and correlation. How can I best send the logging from PMS to ArcSight? Syslog, SNMP or text file based would be easiest.


I have found C:\Program Files (x86)\F-Secure\Management Server 5\data\h2db\fspms.h2.db which ArcSight should be able to collect the logs from. Has anyone tried this yet?


Re: PMS integration with ArcSight ESM (SIEM)



I think you should NOT use the F-Secure central management itself, rather:


In F-Secure Policy Manager centralized control, you can configure the clients (F-Secure Management Agent component) to also log directly into SNMP and / or syslog.


Best Regards: Tamas Feher, 2F 2000 Kft., Hungary.