Express Appliances have root access out-of-the box. Why ConnApp don't?

I'd wager that HP would say that on the Express systems the OS is under the client's control but with the ConApp they cover that as they have "tuned it to support better operation of the appliance." Of course, those of us who actually use and understand the product knows that their tuning is nothing but a hassle.

While I understand HP's stance on the modifications I mentioned, there are no steps listed that actually affect the operation or functionality of the ArcSight application. This procedure only allow us to more easily troubleshoot a highly buggy system. This is needed as since HP took over support for ArcSight it has been an unbearable mess. Level 1 and 2 support have a very slight grasp of the application and 0 background in Linux, which is the foundation of all the ArcSight appliances. I've spoken to many ArcSight technicians and they themselves note that lack of understanding their team has. I've closed 85% of my trouble tickets myself. I have a few tickets still opened, for over 4 months, which is surprising because the support tickets have an auto-close setting that kicks in after a week of non-updates (this has been verified by an ArcSight engineer who still works at HP). Now it is generally known that HP has some of the worst technical support around but to make us call in and wait 20 minutes for a code to be able to login to our own systems so we can fix it ourselves is just insane, a feeling shared by your own technical support team.

BTW: my next update is how to make the console connection actually useful vs the ridiculous 10 function system  HP provides that doesn't allow you to fix your systems at all. In fact I'll even note the reason why HP has broken their own system and in some cases made irreparable, because of this.

I'd be curious to know just how many times support has declined a challenge request (it's not like they ask any questions when you request one...).  I'm willing to bet it's very few if not flat out zero.  The whole process always seemed like an unnecessary step to me.

I've never had them decline a request but I've been on hold for 20+ minutes just to get one (though one call I wasn't on hold but listening to two engineers try to figure out how to generate the code). And the UK and US support teams have different procedures when you ask for one. If it was absolutely necessary, which it's not, they could at least put the code request on the support portal so we could login and just get it that way. then we could get it quick and the support team can address issues more directly.

Just needed a challenge response code......

We found exactly the same Brook ... def seems like they've got their own SSHD setup that doesn't use PAM.

Still working on it 😉