ArcSight SmartConnector Build is now available

We are pleased to announce that ArcSight SmartConnector Build is now available for download from the HPE support web site at https://softwaresupport.hpe.com/.


 HP ArcSight is a leading global provider of security and compliance management solutions. ArcSight SmartConnectors provide advanced event and log data collection and processing capabilities to help enterprises and government agencies gain comprehensive visibility and critical insights into their IT infrastructure across all users, networks, datacenters, and applications. SmartConnectors are updated frequently to add support for new devices and event sources as well as new device versions.


  • FIPS: Support added for Microsoft Windows Event Log – Native SmartConnector
  • Amazon Web Services CloudTrail: Added support for ‘us-east-2’ region; Key Management Service (KMS) events and EC2 role-based access
  • Filtering before event Collection: Ability to filter out events before they are counted for licensing by connector.
  • IP Flow Information Export (IPFIX)/IP Flow (NetFlow/J-Flow): A new mechanism is developed for this specific connector to accurately calculate the original byte size for license
  • SNMP Unified:  IP Address of the listening device can now be configured.
  • Syslog NG Daemon Certificates:  Syslog-ng.cert can be replaced with CA or self-signed certificates
  • TCP CEF Syslog Destinations: A parameter has been added to disconnect/reconnect, useful for distributing events evenly when a load balancer is used in a multi-tiered connector installation.


  • Parser update releases and have been integrated into this framework release. These releases contain version updates, fixed issues, and enhancements for SmartConnectors listed below           

Release 7.5.1

  • Cisco ASA Syslog 
  • Cisco IOS Syslog (v15.6)
  • Cisco IronPort Web Security Appliance File (AsyncOS v10 - Apache and Squid formats) 
  •  Cisco ISE Syslog
  • Cisco Wireless LAN Controller Syslog 
  • F5 BIG-IP Syslog (F5 TMOS v12.0, v12.1)
  • Juniper JUNOS Syslog 
  • Microsoft DNS Trace Log Multiple Server File   
  • Microsoft Exchange Message Tracking Log Multiple Server File (Microsoft Exchange Server 2016)     
  • Microsoft Windows Event Log – Native   
  • Proofpoint Enterprise Protection and Enterprise Privacy Syslog (v8.4)   
  • Symantec Endpoint Protection DB (v14: Server Admin Log, Behavior, and Virus categories)   

Release 7.5.2

  • Cisco NX OS Syslog 
  • Cisco Secure ACS Syslog 
  • Juniper JUNOS Syslog 
  • Infoblox NIOS Syslog (v7.2, v7.6)    
  • Microsoft Office 365    
  • Oracle Audit Syslog    
  • Symantec Endpoint Protection DB (v14: System Events) 

 New Device, Component, or OS Version Support

SmartConnector for  New Device, Component, or OS Version  

  • McAfee ePolicy Orchestrator DB  McAfee Endpoint Security (ENS) 10.5 with ePO 5.3  
  • Symantec Endpoint Protection DB 14.0 (Network Threat Protection, Anti-Virus and Anti-Spyware Protection, Scan, Notification Alert, and Server Policy Events)

  New Connector Support 

SmartConnector for New Device, Component, or OS Version

  • Apache HTTP Server Access Multiple File: Replaces the Apache HTTP Server Access File connector, providing the ability to specify multiple files for event collection. Apache HTTP Server versions 1.3 and 2.4 are supported.
  • Cisco IronPort Web Security Syslog:  Provides ability to monitor Web Security appliance events through syslog. Web Security AsyncOS version 9.0 is supported.  
  • IBM Security Access Manager Syslog:  Replaces the IBM Tivoli Access Manager connectors to monitor protected information and resources as well as authentication, authorization, data security, and resource management capabilities. ISAM versions 8.0 and 9.0 for audit and system logs are supported.
  • McAfee Web Gateway Syslog Provides ability to monitor Web Gateway events through syslog for protection against web-born threats. Web Gateway version 7.6 for Access Log is supported. Sun ONE Web Access Multiple Server File   Replaces the Sun ONE Web Access File connector, providing the ability to specify multiple files for event collection. Sun ONE Web Access Server Version 6.0 SP8 is supported.

 There are many more issues fixed and enhancement delivered with this release.  Please read the SmartConnector Release Notes additional information.

 You can find documentation and release notes on Protect 724  here.

 If you have any questions, please contact Customer Support at: https://softwaresupport.hpe.com/

 Thank you,

 The HPE Security ArcSight SmartConnector Product Team

Labels (4)
Tags (2)
1 Reply
Vice Admiral Vice Admiral
Vice Admiral

This is weeks old right?

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.