Illusive and Micro Focus have partnered in this joint-effort solution to enable native ingestion of syslog from Illusive into ArcSight. The Illusive syslog will parse accordingly into the proper ArcSight fields.

Use cases supported by this integration include:

• Natively creating recommended alarms per the Illusive SIEM Guide
• Providing all of the critical incident information to analysts to allow for efficient triage
• Using default, out-of-the box rule sets within ArcSight
• Configuring custom, specific rules for Illusive:
  • Aggregate multiple events within a single alarm
  • Provide meaningful data when alarms trigger
  • Customize and stack events together using source host/IP or by incident types