Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor
1459 views

General Availability of Transformation Hub 3.0, Investigate 2.40, ArcMC 2.92 & SmartConnector 7.13.0

<update #1 on August 5, 2019: ArcSight SmartConnectors Load Balancer 1.4.0 has also been released and is available for download as of August 3, 2019.>

Original Announcement on August 1, 2019:

We are very excited to announce the general availability of Micro Focus ArcSight Transformation Hub 3.0 (formerly known as ‘Event Broker’), ArcSight Investigate 2.40, ArcSight ArcMC 2.92 & ArcSight SmartConnectors 7.13.0.

Here are the new features and improvements.

ArcSight Transformation Hub 3.0 (formerly known as ‘Event Broker’)

  • Supports the latest Container Deployment Foundation (CDF) code-base.
    • The ‘Arcsight Installer’ process is replaced by the native CDF Installer process.
    • Installation uses the latest CDF release, improving stability and manageability from prior CDF releases.
    • Customers can now choose infrastructure size from a single, shared Worker Node to 10 or more nodes.
    • Upgrades to future releases from version 3.0.0 and patches/hotfixes are now supported in the native CDF Installer, using rolling upgrades through the nodes in the cluster.
    • Installation can use a non-root USER.
    • Changing execution parameters results in a rolling stop/restart of cluster pods to enable the new settings.
    • Supports FIPS at the OS level
  • Wizard-based Container Installer - A far-simpler and more intuitive, wizard-based Installer. Fewer initial configuration properties, with appropriate defaults and allows post-deployment reconfigurations.
  • Non-Container Install Option – Supports install into customer-provided and managed Kafka infrastructure.
  • Completely rewritten documentation. A new CDF Planning Guide used to set up the infrastructure OS, network and storage and a reorganized and rewritten Deployment Guide now contain explicit instructions and more samples and diagrams.
  • Due to the adoption of the native CDF Installer, a fresh Transformation Hub install is required

 

ArcSight Investigate 2.40

  • Data ingestion performance improvements to the Vertica Kafka Scheduler now support hundreds of thousands of Events-per-Second ingestion rates in a multi-node Vertica cluster.
  • Significant search speed performance improvements have been achieved
    • Database locale now defaults to case sensitive searching, greatly improving search speeds. While your speed increases may vary, testing has shown improvements between 17 times faster on a 3-node Vertica cluster to 164 times faster on a 14-node Vertica cluster.
    • Hybrid text indexing improvements, including removal of unnecessary columns.
    • More efficient INTEGER column casting results in far less disk storage required for NULL INTEGER values.
  • Support for the latest Container Deployment Foundation (CDF) code-base.
    • The ‘Arcsight Installer’ process is replaced by the native CDF Installer process.
    • Installation uses the latest CDF release, improving stability and manageability from prior CDF releases.
    • Customers can now choose infrastructure size from a single, shared Worker Node to 10 or more nodes.
    • Upgrades to future releases from version 2.40 and patches/hotfixes are now supported in the native CDF Installer, using rolling upgrades through the nodes in the cluster.
    • Installation can use a non-root USER.
    • Changing execution parameters results in a rolling stop/restart of cluster pods to enable the new settings.
    • Supports FIPS at the OS level
  • Wizard-based Container Installer - A far-simpler and more intuitive, wizard-based Installer. Fewer initial configuration properties, with appropriate defaults and allows post-deployment reconfigurations.
  • Completely rewritten documentation. A new CDF Planning Guide used to set up the infrastructure OS, network and storage and a reorganized and rewritten Deployment Guide now contain explicit instructions and more samples and diagrams.
  • Due to the adoption of the native CDF Installer and significant Vertica improvements, a fresh Investigate install is required

 

ArcSight ArcMC 2.92

  • Centralized upgrade of 32-bit Connectors to 64-bit Connectors from ArcMC
  • Address vulnerabilities and update components to latest releases
  • OS Update Patch
  • Refer to the Release Notes for a list of specific customer-reported issues and  features addressed.
  • Now supports the rebranded Transformation Hub component (formerly Event Broker) and its new Kafka Topic names
  • Improved usability, error handling and performance of infrastructure host management
  • Updated components – Updated JRE, OpenSSL and MONIT and security vulnerability fixes

 

ArcSight SmartConnectors 7.13.0

New Device, Component, OS Version Support

  • Tenable Nessus .nessus File 8.3.1
  • Microsoft Windows Event Log – Native
  • Added support for Windows PowerShell in WINC connector for the following log types:
    • Windows Powershell
    • Microsoft-Windows-PowerShell/Operational
  • Oracle SYSDBA Audit Multiple Folder DB version 18c
  • Oracle Audit XML File version 18c
  • Oracle Audit Windows Event Log Native version 18c
  • Oracle Audit Syslog version 18c
  • Oracle Audit DB version 18c
  • Symantec Endpoint Protection DB SEP DB 14
  • McAfee ePolicy Orchestrator DB version 5.3 added support for McAfee Application and Change Control (SolidCore) 6.2
  • Dell ChangeAuditor DB version 6.9
  • Symantec Data Center Security DB version 6.7
  • IBM Site Protector DB added support for Proventia Network Intrusion Prevention System and Security Network Protection
  • MS DHCP File added support for Windows Server 2019

 

Smart Connectors support and/or Improved parsing and mapping for

  • Oracle Unified Audit Trail DB
  • Apache HTTP Server Syslog
  • FlexConnector REST
  • MS Forefront Threat Management Gateway File
  • Symantec Endpoint Protection DB
  • McAfee ePolicy Orchestrator DB
  • Linux Audit Syslog/ Linux Audit File
  • Pulse Secure Pulse Connect Secure Syslog
  • Check Point Syslog
  • McAfee Network Security Manager DB (Time-based)
  • Cisco Secure ACS Syslog
  • Squid Web Proxy Server File
  • Citrix NetScaler Syslog
  • McAfee ePolicy Orchestrator DB
  • McAfee Network Security Manager DB (ID-based)
  • Microsoft Azure Monitor Event Hub
  • Various security fixes, feature updates, and bug fixes.

 

ArcSight Collectors 7.13.0

  • This product will be re-released at a later date. Please watch for a separate announcement at the "ArcSight Product Announcements" page.
  • Please note, if you require this solution sooner than the GA release, please open a Support Ticket by contacting Customer Support.

 

ArcSight SmartConnectors Load Balancer 1.4

  • This product will be re-released at a later date. Please watch for a separate announcement at the "ArcSight Product Announcements" page.
  • Please note, if you require this solution sooner than the GA release, please open a Support Ticket by contacting Customer Support.

 

Downloading Software through Software Entitlement Portal

Please note that all ArcSight Transformation Hub, ArcSight Investigate, ArcSight Management Center and ArcSight SmartConnector customers with active support subscription can upgrade to the latest releases mentioned above. If you own these components individually, then you can access the new software from the software entitlement portal.

ADP / Security Data Platform customers - Please note that, with this release, that name has changed to Security Open Data Platform (SODP).

Documentation can be found as follows:

ArcSight Transformation Hub 3.0

ArcSight Investigate 2.40

ArcSight Management Center (ArcMC) 2.92

ArcSight Smart Connector Framework 7.13.0

If you have any questions, please contact Customer Support.

Thank you,

ArcSight Product Team

5 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: General Availability of Transformation Hub 3.0, Investigate 2.40, ArcMC 2.92 & SmartConnecto

I tried to update a 7.12 SC to 7.13 (ArcSight-7.13.0.8178.0-Connector-Linux64.bin) and got below message [1]

Am I the only one?

Cheers

A

 

[1]

===============================================================================
Previous Installation Found - No Update Possible
------------------------------------------------

A previous installation of an ArcSight SmartConnector was found in the
selected folder, however, ArcSight SmartConnector installer is unable to
update it automatically. Please select a different folder.

PRESS TO ACCEPT THE FOLLOWING (OK):

 

Respected Contributor.. bezchleba@axent1 Respected Contributor..
Respected Contributor..

Re: General Availability of Transformation Hub 3.0, Investigate 2.40, ArcMC 2.92 & SmartConnecto

Hello,

I think, that this error/message appear if you have more than one connector deployed in container. In this case, upgrade should be possible via ArcMC.

We performed some upgrades 7.12 --> 7.13 without problem.

Josef

Highlighted
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: General Availability of Transformation Hub 3.0, Investigate 2.40, ArcMC 2.92 & SmartConnecto

going to try that... and report back.

so many years of arcsight, and still learning.

A

Knowledge Partner Knowledge Partner
Knowledge Partner

Re: General Availability of Transformation Hub 3.0, Investigate 2.40, ArcMC 2.92 & SmartConnecto

you made my day, it works! ( I removed the second sc, as it was for testing only)

Outstanding Contributor.. mustapha_arakji Outstanding Contributor..
Outstanding Contributor..

Re: General Availability of Transformation Hub 3.0, Investigate 2.40, ArcMC 2.92 & SmartConnecto

Can't download the "cdf-2019.05.00131.zip" file from portal, getting an error, "file could not be downloaded".

Please fix the download link so we can test the product.

Mustapha
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.