Integration Resources

Whitepapers:

• SharePoint Audit Logging with HP ArcSight & LOGbinder for SharePoint
• Exchange Audit Logging with HP ArcSight & LOGbinder for Exchange
• Comparison: ArcSight Connector for SharePoint DB and LOGbinder for SharePoint
• Comparison: ArcSight Connector for SQL Server Audit and LOGbinder for SQL Server
• Comparison: ArcSight Connector for Exchange PowerShell and LOGbinder for Exchange

Content Packs - Active channels, dashboards, reports, alerts and filters:

• ArcSight Content Pack for LOGbinder for SharePoint
• ArcSight Content Pack for LOGbinder for SQL Server
• ArcSight Content Pack for LOGbinder for Exchange

Documentation:

• ArcSight CEF Configuration Guide
• ArcSight ESM Product Brief

LOGbinder and ArcSight Enterprise Security Manager: Better Together

Until now, some application security intelligence, such as those from SharePoint, SQL Server, and Exchange, was off limits to SIEMs – including HP ArcSight products.

LOGbinder bridges the gap between these products and HP ArcSight's ESM. LOGbinder is an HP Enterprise Security partner and has achieved CEF certification.

LOGbinder for SharePoint, LOGbinder for SQL Server, and LOGbinder for Exchange can send SharePoint, SQL Server, and Exchange audit log events (respectively) directly to HP ArcSight via CEF over Syslog.

Our pre-built content package for ArcSight includes:

• Active channels
• Dashboards
• Rules
• Reports
• Filters

Making use of the pre-built package makes integrating LOGbinder and HP ArcSight a plug-n-play process.

Within minutes you can have application security intelligence about SharePoint, SQL Server, and Exchange appearing on ESM dashboards.

Check out some of the whitepapers Randy Franklin Smith, CTO of LOGbinder, has published:

• SharePoint Audit Logging with HP ArcSight & LOGbinder for SharePoint: LOGbinder is the only recognized solution for providing reliable audit information about the security events of SharePoint via HP ArcSight. This deep dive whitepaper explains all of the various logs in SharePoint and how LOGbinder is the only solution to monitoring SharePoint with ESM.
• Exchange Audit Logging with HP ArcSight & LOGbinder for Exchange: There is frequent confusion about the difference between the connectors already available from ArcSight for Exchange and LOGbinder for Exchange. Make sure you understand the difference. It’s important. This deep dive whitepaper explains some of the various logs in Exchange and how LOGbinder is the only solution to monitoring Exchange with ESM.

The following thumbnails show just how easy it is to configure LOGbinder to send to ArcSight via CEF:

Views, deletes, permission changes, added users and groups, and much more activity within SharePoint can now be reported on, alerted on, and archived with HP ArcSight products.

Here are some screenshots of the pre-built content in ESM:

• For LOGbinder for SharePoint:
• For LOGbinder for Exchange: