Select correlation events for ArcSight ESM event ingestion integration

  • Freigeben Version: Australia
  • Aktualisiert 12. März 2026
  • 1 Minute Lesedauer

    • Based on the ArcSight ESM source and the Query Viewer configured, select a correlation event rule for the profile.

    Vorbereitungen

    Role required: sn_si.admin

    Warum und wann dieser Vorgang ausgeführt wird

    View the available correlation events listed in the Correlation Event Selection in your ServiceNow AI Platform instance so you can determine which correlation events you want to ingest and create security incidents. You can only select one correlation rule type from the list for each profile.

    The Query Viewer ID and the Query Viewer Name as specified in the Query Viewer form is displayed. Select a correlation event from the list that you can use to create a configuration mapping for the ingested correlated event.

    Click on the drop down list in the Correlation Events List field. A list of correlation events that are present in the ArcSight ESM Query Viewer Console is displayed.

    Click Continue to proceed to the next step in the wizard.