This repository allows those interested in writing a custom connector to view existing scripts, as well as providing a rudimentary version control system.
Specific Comments
H/T Eric Gustavson:
A few notes: - \\ - In *regular* regular expressions the whitespace character is: \w - In arcsight regex, it's: \\w - Arcsight rule of thumb: make every backslash a double backslash - __stringConstant("asdf") - You will need to use this function to declare that your string constant is indeed a string constant, which is required for ArcSight 'String' fields. Go figure. - The flexconnector documentation covers most of this, but probably won't help you put the pieces together from scratch very well - The filename is important. The '1' in the filename is the SNMP trap type. --Eric