Data sheet

HP ArcSight SmartConnector
supported products
The HP ArcSight library of out-of-the-box SmartConnectors provides source-optimized
collection for leading security commercial products. These products span the entire stack of
event-generating source types, from network and security devices to databases and enterprise
applications. SmartConnectors are the default listing in this document.

In addition to SmartConnectors developed and maintained by HP ArcSight, we test and certify

the following connector types through our Technology Alliances Program:
Common event format (CEF) Certifiedhelps ensure event information is captured properly
in the CEF
Action Certifiedallows for control of a vendors technology from within the HP ArcSight Console
Common event format are in bold below and Action are Italicized. If they have both they are
bold and Italicized.

HP ArcSight SmartConnector supported Application security

platform for installation Arxan GuardIT
CentOS Bit9 Parity
Microsoft Windows XP Professional (SP3) CA Layer 7 SecureSpan/CloudSpan
32-bit Gateway
Microsoft Windows Server 2003 R2 (SP2) McAfee Application Control (Solidcore)
32/64-bit RSA Silver Tail Systems Forensics
Microsoft Windows Server 2008
SP2 32/64-bit Clinical/Healthcare applications
Microsoft Windows Server 2008 FairWarning
R2 SP1 64-bit
Microsoft Windows Server 2012 Cloud
Standard 64-bit Box
Red Hat Enterprise Linux (RHEL) 6.4 64-bit CloudPassage Halo
SUSE Linux 11 Enterprise Server 64-bit FlexConnector for REST
Oracle Solaris 10 64-bit Zscaler Nanolog Streaming Service (NSS)
IBM AIX version 7.1 64-bit
Content security
Anti-virus/Anti-spam Aladdin eSafe Gateway
F-Secure Anti-Virus Barracuda (NetContinuum Web Firewall)
Kaspersky Anti-Virus McAfee Email and Web Security Appliance
McAfee VirusScan Enterprise McAfee Web Gateway
Sophos Proofpoint Enterprise Protection and
Sybari Antigen for Microsoft Exchange Enterprise Privacy
Symantec Endpoint Protection Manager Puresight Content Filter
(SEPM) DB SEP 12 Secure Computing Webwasher
Symantec Mail Security for Microsoft Trend Micro Control Manager
Exchange Trend Micro InterScan Messaging Security
Trend Micro (TM) OfficeScan (Control (Control Manager)
Manager and TM Control Manager Trend Micro InterScan Web Security
Database[DB]) (Control Manager)
Multiple DB (Control Manager)
Database Activity Monitoring (DAM)/
Applications DBsecurity
IBM WebSphere Trustwave Application Security DbProtect
iT-CUBE agileSI SAP IBM InfoSphere Guardium
Oracle WebLogic Server (BEA) Imperva SecureSphere
SAP enterprise resource planning (ERP) Oracle (Secerno DataWall)
Microsoft SharePoint Server DB McAfee Sentrigo HedgeHog
(Enterprise and vPatch)
Data sheet | HP ArcSight SmartConnector
supportedproducts
Database
IBM DB2
IBM DB2 UDB Audit File, version 10
IBM DB2 UDB Audit File, Multiple Instance
Microsoft SQL
Oracle Audit DB
Oracle Audit Vault
Oracle Audit Syslog, version 11gR2
Oracle Audit XML11gR2
Sybase Adaptive Server Enterprise
Data leak prevention
Fidelis XPS
GTB Inspector
McAfee Host Data Loss Prevention
Endpoints (HDLP)
Symantec DLP (Vontu)
Verdasys Digital Guardian
Data security
CyberArk Inter-Business Vault
CyberArk Sensitive Document Vault
HP Atalla Network Security
Processor(NSP)
Ingrian
Vormetric Data Security Manager
Vormetric Data Firewall
JBoss Security Auditing File 7.1
Firewall
Check Point FW-1
Cisco PIX Firewall
Cisco PIX/ASA Syslog, version 8.5, 8.6
F5 BIG-IP Application Security Manager
Juniper Networks (Altor Networks
Virtual Firewall)
Juniper Network Security Manager
(NetScreen)
Juniper Network Security Manager Syslog,
version 2011.4
Juniper Networks Firewall and VPN
Lucent Managed Firewall
McAfee Desktop Firewall
Secure Computing Gauntlet Firewall/VPN
Honeypot
HoneyD
Intrusion Detection System and Intrusion
Prevention Systemhost-based
IBM BlackICE Server Protection
(IBMSecurity SiteProtector System)
NFR Security HID
Symantec Critical System Protection
Database
Tripwire Manager
Tripwire Enterprise
IDS/IPSnetwork-based
Broadweb NetKeeper
Bro IDS
Bro IDS NG File
Cisco IPS Sensor
Cisco Secure IDS
Cisco WIPS SNMP
CounterSnipe
Enterasys Dragon
HP TippingPoint Security Management
System (SMS)
IBM RealSecure Server Sensor
IBM RealSecure Workgroup Manager
IBM Proventia IPS Appliance (SiteProtector)
Juniper Networks IDP (NetScreen)
McAfee Network Security Manager
(Intru Shield)
NFR Central Management Server
NFR Security NID
NitroSecurity IPS
PacketAlarm IDS
Radware DefensePro
Snort
Sourcefire Intrusion Sensor
Sourcefire Defense Center management
console
Sourcefire Defense Center eStreamer,
version 5.0.2, 5.1
Sourcefire Real-time Network Awareness
(RNA) Sensor
Top Layer Attack Mitigator
IDM, IAM, and identity security
ActivCard AAA Server DB
RSA Aveksa
BeyondTrust PowerBroker
Cisco Secure Access Control Server (ACS)
CyberArk Privileged Identity
Management (PIM) Suite
CyberArk Privileged Session Management
(PSM) Suite
FoxT ServerControl
IBM Tivoli Access Manager
Juniper Steel-Belted Radius (SBR)
Lieberman Software Enterprise Random
Password Manager (ERPM)
Microsoft Active Directory
Microsoft Forefront
Microsoft Forefront DB
Microsoft Network Policy Server
Novell Nsure Audit
ObserveIT Enterprise
Oracle Sun ONE Directory Server
VMware PacketMotion PacketSentry
Ping Identity PingFederate
Quest ChangeAuditor DB
RSA Authentication Manager
RSA Access Manager (ClearTrust)
Secure Computing SafeWord PremierAccess
Securonix
SpectorSoft Spector 360 Export Service
Thycotic Secret Server

2
Data sheet | HP ArcSight SmartConnector
supportedproducts
Integrated security FireEye Malware Protection
Barracuda Spam Firewall System(MPS)
Cisco ASA 5500 FireEye Mandiant Intelligent Response
Fortinet FortiGate Guidance EnCase
HP TippingPoint Next-Generation HBGary Active Defense
Firewall (NGFW) Lastline Enterprise
Palo Alto Networks PAN-OS Proofpoint NetCitadel ThreatOptics
Secure Computing Sidewinder TaaSera TaaS NetAnalyzer
SonicWALL Triumfant Resolution Manager
Stonesoft StoneGate
Network access control
IT operations ForeScout CounterACT
HP Operations Manager (OM and OMi) Mirage Networks CounterPoint
HP OpenView Operations (OVO) Portnox Portnox

Log consolidation and analysis Network behavior anomaly

Cisco Security Monitoring, Analysis, and Arbor Networks Peakflow
Response System (MARS) Lancope StealthWatch
Enterprise IT Security SF-RiskSaver Mazu Profiler
LOGbinder SP Qosmos DeepFlow Security
Quest InTrust (fka Aelita Event
Manager[AEM]) Network forensics
Qualys QualysGuard File, version 7.1 Narus nSystem
NIKSUN NetDetector
Mail filtering RSA NetWitness
Cisco IronPort Email Security Appliance AccessData CIRT
McAfee Email Gateway (Secure
Computing IronMail) Network management
McAfee Security for Email Servers CiscoWorks
(GroupShield) Cisco Wireless LAN Controller Syslog
MessageGate HP Network Node Manager i SNMP
Symantec Messaging Gateway Lumeta Enterprise Situational
(MailSecurity 8200 Series) Intelligence (ESI)
Lumeta IPsonar
Mainframe
CA Top Secret Network monitoring
Enterprise IT Security SF-Sherlock ISC DHCP
Enterprise IT Security SF-NoEvasion ISC BIND
IBM OS/390 (NVAS) Microsoft Operations Manager DB (MOM)
IBM OS/390 (SDSF) Microsoft System Center Operations
Helpsystems PowerTech Interact Manager (SCOM) DB
Type80 SMA_RT for RACF Microsoft System Center Configuration
Type80 SMA_RT for CA Top Secret Manager DB
IBM AS/400 Microsoft DHCP
Microsoft DNS
Mail server Microsoft WINS
IBM Lotus Notes Domino Enterprise Server
Microsoft Exchange Network traffic analysis
Microsoft Exchange PowerShell Cisco NetFlow/Flexible NetFlow
Microsoft Forefront for Exchange Server NetScout nGenius
Microsoft Forefront Protection Server FireEye nPulse Hammerhead
Management Console DB QoSient Argus
InMon sFlow
Malware detection Blue Coat Solera Networks DeepSee
AhnLab Malware Defense System (MDS) TCPdump
Damballa CSP
Damballa Failsafe Network traffic management
Cisco Distributed Director for Cisco 4500
Bro IDS

3
Data sheet | HP ArcSight SmartConnector
supportedproducts
Operating systems
IBM AIX Operating System
HP OpenVMS
HP-UX Operating System
HP-UX Syslog, version 11i v3
Microsoft Windows 7/NT/2000/2003/
XP/2008 Server/Vista
Microsoft Windows Event Logunified,
SQL Server 2012 for SQL Server audit
Red Hat Linux
Snare for Microsoft Windows
Solaris Basic Security module (BSM)
UNIX
SaberNet NTSyslog
HP NonStop servers (XYPRO
Merged Audit)
Packet capture
Ixia Anue Net Tool Optimizer
Physical systems/security
RedCloud (PlaSec)
Policy management
McAfee Policy Auditor
NetIQ Security Manager
Solsoft Policy Server
Router
Cisco Router
Juniper Router (JUNOS)
HP H3C Comware Platform
Security management
Enterasys Dragon Server
IBM SiteProtector
iSIGHT ThreatScape API
Lookingglass ScoutVision
McAfee ePolicy Orchestrator (ePO)
McAfee Network Security Manager DB
McAfee Rogue System Detection (via ePO)
Microsoft Audit Collection Services
Network Vulnerability Advisor
Symantec Enterprise Security
Manager(ESM)
Storage
NetApp filer (FAS)
EMC Celerra
Switch
Cisco Catalyst
Cisco CSS 11500 Series Content
ServicesSwitches
Cisco NX-OS
For additional information on HP ArcSight Foundry Networks BigIron
SmartConnector, visit the user community HP Ethernet switch
website on Protect724 (need Protect724 login): HP Networking Syslog
protect724.hp.com/community/arcsight/
productdocs/connectors.
4
Virtualization
CounterTack Event Horizon
VMware ESX/ESXi Server
VMware Virtual Center
VPN
Check Point VPN-1
Cisco VPN Concentrator
Citrix Access Gateway
Juniper/NetScreen (Neoteris) SSL VPN
Nortel Contivity Extranet Switch
Vulnerability assessment
eEye REM Security Management Console
eEye Retina Network Security Scanner
Harris STAT Scanner
IBM Internet Scanner
McAfee Vulnerability Manager (FoundScan)
nCircle IP360 Device Profiler
nCircle IP360 Threat Monitor
Nmap
Open Vulnerability and Assessment
Language (OVAL) Standard
QualysGuard
Rapid 7 Nexpose
Tenable Nessus
SAINT Vulnerability Scanner
Web cache
Blue Coat Proxy SG Series
Microsoft Internet Security and
Acceleration(ISA)
Squid Web Proxy Cache
Web filtering
Cisco IronPort Web Security Appliance
Websense Web Security Suite
Web server
Apache
Microsoft Internet Information Services (IIS)
Sun ONE
Wireless
AirDefense Guard
AirMagnet Enterprise
AirTight SpectraGuard
Aruba WLAN Mobility Controller
Cisco Mobility Services Engine
Data sheet | HP ArcSight SmartConnector
supportedproducts

HP ArcSight SmartConnector list

The HP ArcSight library of out-of-the-box SmartConnectors provides source-optimized
collection for leading security vendor commercial products. These products span the entire
stack of event-generating source types, from network and security devices to databases and
enterprise applications. Company/Product is the default listing in this document but it links to
the overall SmartConnector and CEF documents.

ActivCard AAA Server DB eEye REM Security Management Console

AirDefense Guard eEye Retina Network Security Scanner
AirMagnet Enterprise EMC Celerra
Aladdin eSafe Gateway Enterasys Dragon
Apache Enterasys Dragon Server
Arbor Networks Peakflow FlexConnector for REST
Aruba WLAN Mobility Controller Fortinet FortiGate
Barracuda Spam Firewall Foundry Networks BigIron
Barracuda (NetContinuum Web Firewall) F-Secure Anti-Virus
Blue Coat Proxy SG Series Harris STAT Scanner
Box HP Ethernet switch
Bro IDS HP H3C Comware Platform
Bro IDS NG File HP OVO
Broadweb NetKeeper HP OpenVMS
CA Top Secret HP OM and OMi
CentOS HP Networking Syslog
Check Point FW-1 HP TippingPoint SMS
Check Point VPN-1 HP-UX Operating System
Cisco ASA 5500 HP-UX Syslog, version 11i v3
Cisco Catalyst IBM AIX Operating System
Cisco CSS 11500 Series Content IBM AIX version 7.1, 64-bit
ServicesSwitches IBM BlackICE Server Protection
Cisco Distributed Director 4500 IBM DB2
Cisco IPS Sensor IBM DB2 UDB Audit File, Multiple Instance
Cisco IronPort Email Security Appliance IBM DB2 UDB Audit File, version 10
Cisco IronPort Web Security Appliance IBM Internet Scanner
Cisco Security MARS IBM Lotus Notes Domino Enterprise Server
Cisco Mobility Services Engine IBM OS/390 (NVAS)
Cisco NetFlow/Flexible NetFlow IBM OS/390 (SDSF) Type80 SMA_RT
Cisco NX-OS forRACF
Cisco PIX Firewall IBM Proventia IPS Appliance (SiteProtector)
Cisco PIX/ASA Syslog, version 8.5, 8.6 IBM RealSecure Server Sensor
Cisco Router IBM RealSecure Workgroup Manager
Cisco ACS IBM Security SiteProtector System
Cisco Secure IDS IBM SiteProtector
Cisco Security Agent (Okena) IBM Tivoli Access Manager
Cisco WIPS SNMP IBM WebSphere
Cisco Wireless LAN Controller Syslog Ingrian
CiscoWorks InMon sFlow
Citrix Access Gateway ISC BIND
CounterSnipe ISC DHCP
HP Network Node Manager i SNMP JBoss Security Auditing File 7.1

5
Data sheet | HP ArcSight SmartConnector
supportedproducts
Juniper Network Security Manager Microsoft Operations Manager (MOM) DB
(NetScreen) Microsoft SharePoint Server DB
Juniper Network Security Manager Syslog, Microsoft SQL
version 2011.4 Microsoft System Center Configuration
Juniper Networks Firewall and VPN Manager DB
Juniper Networks IDP (NetScreen) Microsoft SCOM DB
Juniper Router (JUNOS) Microsoft Windows 7/NT/2000/2003/
Juniper SBR XP/2008 Server/Vista
Juniper/NetScreen (Neoteris) SSL VPN Microsoft Windows Event Logunified SQL
Kaspersky Anti-Virus Server 2012 for SQL Server audit
Lucent Managed Firewall Microsoft Windows Server 2003 R2 (SP2)
Mazu Profiler 32/64-bit
McAfee Application Control (Solidcore) Microsoft Windows
McAfee Desktop Firewall Server 2008 R2 SP1 64-bit
McAfee Email Gateway (Secure Microsoft Windows
Computing IronMail) Server 2008 SP2 32/64-bit
McAfee ePO Microsoft Windows
McAfee HDLP Server 2012 Standard 64-bit
McAfee Network Security Manager Microsoft Windows XP Professional
(Intru Shield) (SP3)32-bit
McAfee Network Security Manager DB Microsoft WINS
McAfee Policy Auditor Mirage Networks CounterPoint
McAfee Rogue System Detection (via ePO) nCircle IP360 Device Profiler
McAfee Security for Email Servers nCircle IP360 Threat Monitor
(GroupShield) NetApp filer (FAS)
McAfee VirusScan Enterprise NetIQ Security Manager
McAfee Vulnerability Manager (FoundScan) NFR Central Management Server
McAfee Web Gateway NFR Security HID
MessageGate NFR Security NID
Microsoft Active Directory NitroSecurity IPS
Microsoft Audit Collection Services Nmap
Microsoft DHCP Nortel Contivity Extranet Switch
Microsoft DNS Novell Nsure Audit
Microsoft Exchange Oracle Audit DB
Microsoft Exchange PowerShell Oracle Audit Syslog, version 11gR2
Microsoft Forefront Oracle Audit Vault
Microsoft Forefront DB Oracle Audit XML11gR2
Microsoft Forefront for Exchange Server Oracle Solaris 10, 64-bit
Microsoft Forefront Protection Server Oracle Sun ONE Directory Server
Management Console DB Oracle WebLogic Server (BEA)
Microsoft IIS OVAL
Microsoft ISA PacketAlarm IDS
Microsoft Network Policy Server Proofpoint Enterprise Protection and
(WindowsIAS/RADIUS) Enterprise Privacy

6
Data sheet | HP ArcSight SmartConnector
supportedproducts
Puresight Content Filter
QoSient Argus
QualysGuard
Qualys QualysGuard File, version 7.1
Quest ChangeAuditor DB
Quest InTrust (fka AEM)
Radware DefensePro
Rapid 7 Nexpose
RHEL 6.4 64-bit
Red Hat Linux
RSA Access Manager (ClearTrust)
RSA Authentication Manager
SaberNet NTSyslog
SAINT Vulnerability Scanner
SAP ERP
Secure Computing Gauntlet Firewall/VPN
Secure Computing SafeWord PremierAccess
Secure Computing Sidewinder
Secure Computing Webwasher
Snare for Microsoft Windows
Snort
Solaris BSM
Solsoft Policy Server
SonicWALL
Sophos
Sourcefire Defense Center eStreamer,
version 5.0.2, 5.1
Sourcefire Defense Center management
console
For additional information on HP ArcSight Sourcefire Intrusion Sensor
SmartConnector, visit the user community Sourcefire RNA Sensor
website on Protect724 (need Protect724 login): Squid Web Proxy Cache
protect724.hp.com/community/arcsight/
productdocs/connectors.
Sun ONE
SUSE Linux 11 Enterprise Server 64-bit
Sybari Antigen for Microsoft Exchange
Sybase Adaptive Server Enterprise
Symantec Critical System Protection
Database
Symantec DLP (Vontu)
SEPM DB SEP 12
Symantec ESM
Symantec Mail Security for
MicrosoftExchange
Symantec Messaging Gateway
(MailSecurity 8200 Series)
TCPdump
Tenable Nessus
Top Layer Attack Mitigator
Trend Micro Control Manager
Trend Micro InterScan Messaging Security
(Control Manager)
Trend Micro InterScan Web Security
(Control Manager)
Trend Micro OfficeScan (Control Manager
and TM Control Manager DB)
Trend Micro VirusWall (Control Manager)
Type80 SMA_RT for CA Top Secret
UNIX
VMware ESX/ESXi Server
VMware Virtual Center
Vormetric Data Security Manager
Websense Web Security Suite
7
Data sheet | HP ArcSight SmartConnector
supportedproducts

HP ArcSight CEF/Action connector list

In addition to SmartConnectors developed and maintained by HP ArcSight, we test and certify
the following 81 connector types through our Technology Alliance Program:
CEF Certifiedhelps ensure event information is captured properly in the CEF
Action Certifiedallows for control of a vendors technology from within the HP ArcSight Console

Action Certified solutions: CEF Certified solutions: Juniper Networks (Altor Networks
RSA Aveksa AccessData CIRT Virtual Firewall)
CyberArk PSM Suite AhnLab MDS Lancope StealthWatch
ForeScout CounterACT AirTight SpectraGuard Lastline Enterprise Anti-Malware
Guidance EnCase Arxan GuardIT Lieberman Software ERPM
Ixia Anue Net Tool Optimizer BeyondTrust PowerBroker LOGbinder SP
FireEye Mandiant Intelligent Response Bit9 Parity Lookingglass ScoutVision
Proofpoint NetCitadel ThreatOptics CA Layer 7 SecureSpan/CloudSpan Gateway Lumeta ESI
FireEye nPulse Hammerhead CloudPassage Halo Lumeta IPsonar
Securonix RTI CorreLog dbDefender McAfee Email and Web Security Appliance
Blue Coat Solera DeepSee CounterTack Event Horizon McAfee Sentrigo HedgeHog (Enterprise
Verdasys Digital Guardian CyberArk Inter-Business Vault and vPatch)
CyberArk PIM Suite McAfee Stonesoft StoneGate
CyberArk Sensitive Document Vault Narus nSystem
Damballa CSP NetScout nGenius
Damballa Failsafe Network Vulnerability Advisor
Enterprise IT Security SF-NoEvasion NIKSUN NetDetector
Enterprise IT Security SF-RiskSaver ObserveIT Enterprise
Enterprise IT Security SF-Sherlock Oracle (Secerno DataWall)
F5 BIG-IP Application Security Manager Palo Alto Networks PAN-OS
FairWarning Ping Identity PingFederate
FireEye Mandiant Intelligent Response Proofpoint NetCitadel ThreatOptics
FireEye MPS Portnox Portnox
ForeScout CounterACT Qosmos DeepFlow Security
FoxT ServerControl RedCloud (PlaSec)
General Dynamics Fidelis XPS RSA NetWitness
GTB Inspector RSA Silver Tail Systems Forensics
HBGary Active Defense Securonix RTI
Helpsystems PowerTech Interact SpectorSoft Spector 360 Export Service
HP Atalla NSP TaaSera TaaS NetAnalyzer
HP NonStop servers (XYPRO Merged Audit) Thycotic Secret Server
HP TippingPoint NGFW Tripwire Manager & Tripwire Enterprise
IBM InfoSphere Guardium Triumfant Resolution Manager
Imperva SecureSphere Trustwave Application Security DbProtect
iSIGHT ThreatScape API Verdasys Digital Guardian
iT-CUBE agileSI SAP VMware PacketMotion PacketSentry
Vormetric Data Firewall
Zscaler NSS

Sign up for updates

hp.com/go/getupdated Share with colleagues Rate this document

Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only
warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein
should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
McAfee is a trademark or registered trademark of McAfee, Inc. in the United States and other countries. Microsoft, Windows, Windows 7, Windows XP,
Windows NT, Windows Vista, and Windows Server are trademarks of the Microsoft Group of companies. Oracle is a registered trademark of Oracle
and/or its affiliates. RedHat is a registered trademark of Red Hat, Inc. in the United States and other countries. SAP is the trademark or registered
trademark of SAP SE in Germany and in several other countries. UNIX is a registered trademark of The Open Group. Citrix is a registered trademark of
Citrix Systems, Inc. and/or one more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. VMware is a registered trademark or trademark of VMware, Inc. in the
United States and/or other jurisdictions.
4AA5-3404ENW, October 2014, Rev. 2