Micro Focus Frequent Contributor
Micro Focus Frequent Contributor
193 views

How to check my context update version and how to update it?

Jump to solution

How can I check my Arcsight context version applied on my ESM?

And if there is a new release, how is the update process?

For example, I downloaded the file "Arcsight_Context_Update_January_2021.0127_052004.zip". There are 3 files inside (ipdataV6.mmdb.new, sensor_signatures.csv.arc.new and vulnerability_signatures.csv.arc.new).

I should overwrite the oldest files with the new files and is that all?

Thanks in advance for your explanation.

0 Likes
1 Solution

Accepted Solutions
Fleet Admiral
Fleet Admiral

Hello , 

 

from the same portal where you got the file there should be an ContextReleaseNotes_20210127.pdf. Inside of the files you will find the steps.

But for everyone how do not have access to the portal and do not have the subscription i am summarize them:

...........................

Applying Context Updates in ArcSight Manager


Important: Make sure the version on the ArcSight Manager meets the version requirements listed at the beginning of this document.


1. Copy the upgrade ZIP file listed above to the directory $ARCSIGHT_HOME/config/server on the ArcSight Manager.

2. Verify that the md5 checksum is correct.

3. Unzip it in $ARCSIGHT_HOME/config/server, replacing the existing files with the unzipped files.

4. Verify the files with their MD5 checksums:


-  Sensor signatures.csv.arc.new (md5: 4ad1557d216a8f18bb7804727919c349)
-  vulnerability_signatures.csv.arc.new (md5: f82c2a0abe692b3e4401b1afa43897bb)
-  ipdataV6.mmdb.new (md5: 054060ed722b9ada71f373a92ead26b4)

Note: From June 2020 and on, the geographical information update only contains an ipdataV6.mmdb file. This file includes both IPv4 and IPv6 updates. For ESM 7.0 or higher versions, restart ArcSight Manager to get the latest updates.

Verifying the Context Update Installation on the ESM Manager


After you have completed unzipping the files mentioned in step 3 above, all the newly unzipped files are renamed and the file extension ".new" is removed. The files from the previous release will be automatically renamed by ESM and will have a timestamp appended to their names. They are saved in the same directory as the unzipped files. You can confirm the update has been successfully applied on the ESM Manager by checking the timestamped files from the last release, and the three new files that were unzipped. ESM Manager will use the new files until the next release update.

..............................................

 

By the way the new context update has been released "Arcsight_Context_Update_February_2021.0211_125441.zip"

Best Regards, 

 

Daniel

View solution in original post

2 Replies
Fleet Admiral
Fleet Admiral

Hello , 

 

from the same portal where you got the file there should be an ContextReleaseNotes_20210127.pdf. Inside of the files you will find the steps.

But for everyone how do not have access to the portal and do not have the subscription i am summarize them:

...........................

Applying Context Updates in ArcSight Manager


Important: Make sure the version on the ArcSight Manager meets the version requirements listed at the beginning of this document.


1. Copy the upgrade ZIP file listed above to the directory $ARCSIGHT_HOME/config/server on the ArcSight Manager.

2. Verify that the md5 checksum is correct.

3. Unzip it in $ARCSIGHT_HOME/config/server, replacing the existing files with the unzipped files.

4. Verify the files with their MD5 checksums:


-  Sensor signatures.csv.arc.new (md5: 4ad1557d216a8f18bb7804727919c349)
-  vulnerability_signatures.csv.arc.new (md5: f82c2a0abe692b3e4401b1afa43897bb)
-  ipdataV6.mmdb.new (md5: 054060ed722b9ada71f373a92ead26b4)

Note: From June 2020 and on, the geographical information update only contains an ipdataV6.mmdb file. This file includes both IPv4 and IPv6 updates. For ESM 7.0 or higher versions, restart ArcSight Manager to get the latest updates.

Verifying the Context Update Installation on the ESM Manager


After you have completed unzipping the files mentioned in step 3 above, all the newly unzipped files are renamed and the file extension ".new" is removed. The files from the previous release will be automatically renamed by ESM and will have a timestamp appended to their names. They are saved in the same directory as the unzipped files. You can confirm the update has been successfully applied on the ESM Manager by checking the timestamped files from the last release, and the three new files that were unzipped. ESM Manager will use the new files until the next release update.

..............................................

 

By the way the new context update has been released "Arcsight_Context_Update_February_2021.0211_125441.zip"

Best Regards, 

 

Daniel

View solution in original post

Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Thank you Daniel for your help!!

Very clear explanation!!👍

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.