Guest post by Viktor Doundakov, Product Manager
The Micro Focus release of ArcSight Data Platform (ADP) 2.31 is a significant service pack that delivers more than just patches and quality fixes to your Security Operations Center (SOC). It introduces two important new features: data source monitoring and enhancements to the QuickFlex authoring tool.
In this latest release, ArcSight Management Center now lets you monitor the events per second (EPS) throughput coming from your data sources. This gives you better insight into spikes, as well as into a lack of activity that indicates a data source might be down, allowing you to better monitor your log connections.
The QuickFlex authoring tool has been updated to let you verify whether the sample logs from a vendor’s device are CEF-compliant, adding validations and, in certain cases, allowing corrections. This includes validating that CEF header fields and CEF extension field names are correct, changing CEF keys to match the type in the line extensions, verifying field types, and generating a report on the correctness of CEF fields, as well as names and changes made to CEF extensions.
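To make the kind of check described above concrete, here is an added example (not QuickFlex code and not from the original post) of a minimal CEF compliance check in Python. It assumes the public CEF layout of seven pipe-delimited header fields followed by key=value extensions; the key dictionary is a small subset, and the function names and sample line are constructed for illustration.

```python
import re

# Subset of the CEF extension dictionary (key -> type); the full list is longer.
KNOWN_KEYS = {"src": "ipv4", "dst": "ipv4", "spt": "port", "dpt": "port",
              "cnt": "int", "act": "str", "msg": "str", "proto": "str"}
SEVERITY_WORDS = {"Unknown", "Low", "Medium", "High", "Very-High"}
# key=value, where the value runs until the next " key=" or the end of the line
EXT_PAIR = re.compile(r"\s*(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")
SAMPLE = "CEF:0|Acme|FW|1.0|100|Blocked|5|src=10.0.0.1 dpt=443 msg=policy deny"  # constructed

def split_header(body):
    """Split off the 7 pipe-terminated header fields, honouring \\| and \\\\."""
    fields, start, i = [], 0, 0
    while i < len(body) and len(fields) < 7:
        if body[i] == "|":
            fields.append(body[start:i])
            start = i + 1
        i += 2 if body[i] == "\\" else 1   # skip the character after a backslash
    return fields, body[start:]

def type_ok(kind, value):
    if kind == "ipv4":
        octets = value.split(".")
        return len(octets) == 4 and all(o.isdecimal() and int(o) <= 255 for o in octets)
    if kind in ("int", "port"):
        return value.isdecimal() and (kind == "int" or int(value) <= 65535)
    return True  # strings are accepted as-is

def validate_cef(line):
    """Return a list of problems; an empty list means these checks passed."""
    header, ext = split_header(line[4:]) if line.startswith("CEF:") else ([], "")
    if len(header) != 7:
        return ["not 'CEF:' followed by 7 pipe-terminated header fields"]
    problems = [] if header[0].isdecimal() else ["version is not an integer"]
    sev = header[6]
    if not (sev in SEVERITY_WORDS or (sev.isdecimal() and int(sev) <= 10)):
        problems.append(f"bad severity {sev!r}")
    ext, pos = ext.strip(), 0
    while pos < len(ext):
        m = EXT_PAIR.match(ext, pos)
        if not m:  # e.g. an unescaped '=' inside a value
            return problems + [f"malformed extension at offset {pos}"]
        key, value = m.groups()
        if key not in KNOWN_KEYS:
            problems.append(f"unknown extension key {key!r}")
        elif not type_ok(KNOWN_KEYS[key], value):
            problems.append(f"{key}={value!r} is not a valid {KNOWN_KEYS[key]}")
        pos = m.end()
    return problems
```

Calling `validate_cef(SAMPLE)` returns an empty list; each string in a non-empty result names one header or extension problem, which is the raw material for a per-line compliance report.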
These new features in ADP augment several other enhancements made a few months earlier in the ADP 2.30 release that increase the overall scalability and openness of ADP.
Topping the list of the 2.30 features is the Syslog Collector and Connector in Event Broker, or CEB for short. With CEB you can gain increased speed, scalability, and robustness by moving parsing and normalization processes from collectors and connectors into your Event Broker cluster powered by Kubernetes.
Additionally, Apache MirrorMaker has been certified to integrate with ArcSight Event Broker, letting you create multi-cluster Event Broker deployment layouts for even more scalability and routing flexibility of your enterprise data flows, as well as additional high availability and disaster recovery options for your data.
The Guest Data entitlement is another example of ADP's openness: it allows you to use your Event Broker environment to pass non-security data through to other sources without impacting your license utilization. Together with the ArcSight SecureData Add-on for ADP added in a previous release, the new Secure Data Re-identification user interface in Logger further helps you with your GDPR privacy efforts, while strengthening your data security posture.
These are just some of the highlights among the major new features in ADP 2.31 and 2.30. If you want to learn more about these and other new features, talk to your Micro Focus sales rep or contact us directly. Also, watch for upcoming posts that will delve deeper into some of these new enhancements.