Transformation hub - How to configure connector ESM network/mapping

Hi,

I think subject is self-explanatory.  I am running CDF with TH for few months, testing playing with it.

But I can not find out how to configure connector configuration which I was able to configure via esm java console in past. Right click on connector -> Configure -> Networks to assign assign network to proper zone, fill network model

Or how to configure device specific mappings. In java esm console it was simply Right click on connector-> Send command -> Mapping -> Map Additional data names...

How to do that if connectors are not connected to ESM directly? I receive events only via TH.

Thank you

 

 

  • Verified Answer

    Dont you need to create a AUP destination from Connector to ESM? Filter out all events so its just a "comman and control" channel from ESM to the Connector...

     

  • That should work, I will test.

    Although one of the reason why I want use CDF is that i will send events with one destination (connector -> cef -> TH will transform to avro -> ESM ). Less destinations less maintenance/resources. But in case of "comman and control" destination it will be just about maintenance.

    I was thinking if there is no other way. I guess no.

  • Yep, buts only c&c channel, no events, so try not to think of it as a "destination". 

    HTH

    Shane.

  • Hello Martyn, 

     

    starting with TH 3.4 and Smart Connector 8.1 you can send directly events in avro format to TH.

    Smart Connector ( th-arcsight-avro ) - ---> TH <---- ( th-arcsight-avro as scubscriber) ESM.

     

    Best Regards, 

     

    Daniel

  • Hello Daniel,

    we have have multitenant environment, with multiple loggers and ESM.

    I want keep one CEF destination for events on connectors. On TH i plan to route events based to different topics, each logger will pick events from separate topic. ESM will just pick data from esm-filtered-avro topic.

    It is easier to have one configuration for all connectors. Also I like that less resources heavy on connectors. TH is easier to scale.

    Is there any benefit of generating avro event directly on connectors? Maybe i am missing something.

  • today i was trying to configure it. But it looks like it doesn't work like that, at least not for network model.

    I did these steps:

    1, register connector to ESM, filter out events, configured it as master aup.

    2. Configure zones, network, customer for connector

    3. I check if zones are mapped to events (from TH), it did not worked.

    4 change destination configuration on connector, i disabled filter out events

    5. check events if zones are assigned correctly  to events coming directly from connector. Zones were assigned  correctly. I could even see coming same events in pair one from TH and one from connector, only connector has zone assigned correctly.

     

    I have few possible explanation for that behavior.

    1.  Zone information is set per destination here in post as user MarkR1 user mentioned
    2. I send events from connector to TH in CEF format, Could it be that CEF strip zone information ( I guess no)
    3. I did something wrong, i will continue tomorrow.
  • Zone information is set per destination <-- i think this is correct

    i noticed that there is current/user/agent/aup/<agent_id>/ per each destination with aup files.

    ESM destination contain user-zone-mappings.aup I guess this need to copied to TH  folder, like

    current/user/agent/aup/<ESM_agent_id>/user-zone-mappings.aup  --> current/user/agent/aup/<TH_agent_id>/ 

     

    I had typo in customer uri all the time.

  • Finally it was working.
    First time I was testing i had typo in customer uri, which caused that zones were not mapped.