Recently, I was contacted regarding an SIEM Consultant position involving ArcSight. I was initially interviewed by an agency's IT consultant. After asking me what my achievement at the company was, I told him that I managed to add custom functions to FlexConnectors, which I then shared with the company. Unfortunately, this supposedly IT consultant then misinterpreted what I said, and wrote that I "found a solution to set up Smart Connector, which was then used by the company globally." He asked me the difference between SmartConnectors and FlexConnectors, which I explained to him as well. Despite that, I have no idea how he managed to goof up what I explained.

The next day, this guy called Darren from the company called, and he asked me if I have done any ArcSight implementation for customers, to which I answered. And the following day, the agency's IT consultant called me to say that I did not qualify for the position, because I did not have sufficient ArcSight implementation experience and that I'm only a Technical Support Engineer who only knew how to troubleshoot, configure, etc. This is even though I am certified ACIA (which meant I am certified to perform ArcSight implementations). If TSEs do not know how to implement ArcSight installations, then, heaven help customers! All TSEs have to implement ArcSight installations, because otherwise, we couldn't even troubleshoot customers' ArcSight issues.

I felt quite insulted that I'm told by this Darren who does not know ArcSight that I do not know to implement ArcSight. When I shared this with my ex-colleague, he commented that "you no experience who has?"

Besides, a few months back, when another ex-colleague needed to recommend to a customer for someone to implement ArcSight, who else did he call but me?

For good measure, I'm sharing the world's first instructions on how to develop your own custom ArcSight FlexConnector functions:

Here’s how any Java developer can add their own operations to the FlexConnector framework .

  1. Create a Java project.
  2. Unzip the arcsightagents.jar to d:\arcsightagentsclass
  3. Add external class folder, d:\arcsightagentsclass to the project’s properties, Java Build Path, Libraries, Add External Class Folder.
  4. Create a class that descends from the XXX class, and ends with the suffix YYYY.
  5. ---------------------------------------------------------
  6. ---------------------------------------------------------------------------------
  7. Compile the project.
  8. ---------------------------------------------------------------------------------
  9. ---------------------------------------------------------------------------------

Steps 5-6, 8-9 intentionally blanked out. Let's see if there's someone else in the world who can figure out what I figured out years ago (and I did it without help from ArcSight R&D)