Arcsight Remote Connector Error: Permission Denied

Hi,

I'm currently trying to set up a remote connector for ArcSight, specifically the Arcsight ESM Connector, on a remote agent, and am getting the following error:

Unable to create Done folder: [Errno 13] Permission denied: '/opt/siem'

We ran all the commands on the VM which the remote agent is running on as detailed in the documentation linked below, as well as verified that the 'siem' directory that contains the correlations folder has the right permissions :

https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/arcsight

Has anyone encountered this before, and have a potential workaround to the problem?

Page 1 / 1

Missing permission to create the "Done" folder under /opt/siem, are you able to pre-create the folder.

Also some other foleders to take note.

self.error_folder = os.path.join(self.siemshare_path, "Error")

self.done_folder = os.path.join(self.siemshare_path, "Done")

self.sliced_folder = os.path.join(self.siemshare_path, "Slice Original")



        try:

            # Make Done folder if doesn't exist

            if not os.path.exists(self.done_folder):

                os.makedirs(self.done_folder)

        except Exception as e:

            self.logger.error("Unable to create Done folder: {}".format(str(e)))

            self.logger.exception(e)

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded