About the Arcsight integration#


The EclecticIQ Platform is a Threat Intelligence Platform that provides threat analysts, incident analysts, security analysts, fraud analysts and risk analysts with a comprehensive workspace for cyber threat management, analysis and collaboration.

It gives analysts a single view of relevant intelligence from open sources, ISACs, commercial services and government entities.

The EclecticIQ Platform performs automatic normalization, consolidation, enrichment and integration, so that analysts can focus on discovery and analysis.

Comprehensive workflows allow analysts to propagate defensive measures to the Security Devices, such as SIEM’s.

CEF connector Configuration Guide#

This document is provided for informational purposes only, and the information herein is subject to change without notice.

Please report any errors herein to Micro Focus. Micro Focus does not provide any warranties covering this information and specifically disclaims any liability in connection with this document.

Certified CEF#

The event format complies with the requirements of the Micro Focus ArcSight Common Event Format.

The Micro Focus ArcSight CEF connector will be able to process the events correctly and the events will be available for use within Micro Focus ArcSight product.

In addition, the event content has been deemed to be in accordance with standard SmartConnector requirements.

Revision history#



26 Oct 2016

First edition of this Configuration Guide

04 Nov 2016

Revised by Perceptive Security

22 Nov 2016

Second revision by Perceptive Security

30 Nov 2019

Revised by EclecticIQ

21 Jul 2020

Revised by EclecticIQ

CEF Connector Support Information when an issue is outside of the ArcSight team’s ability

In some cases the ArcSight customer service team is unable to help with issues that lie within the configuration itself in which case, the certified vendor should be contacted for assistance:

EclecticIQ Customer Support:

Phone: +31 (0)20 737 1063

Email: arcsight@eclecticiq.com

Any support question can be directed preferably via email first to the above address.