Support security features provided by SNMP v3

Idea ID 2791157

Support security features provided by SNMP v3

Authentication in SNMP v1 and v2 is nothing but community string sent in clear text. SNMPv3 does not use community strings, but uses password based authentication and encryption depending of how the users have been defined.

SNMP v3 provides the security features like Confidentiality, Reliability, Integrity and authentication, which the connector should leverage.

The connector uses a wrapper library, AdventNetSnmp to interface with SNMP. Need to verify if v3 security features are supported by this and if not, use a newer version.

https://bugzilla.netiq.com/show_bug.cgi?id=729522
3 Comments
Micro Focus Contributor
Micro Focus Contributor
Update from NTS about customer ING BANK SLASKI S.A: Because of the security requirements, they moved some of the SNMP sources to Splunk. Some of them are still connected to the Sentinel but they are unable to tell me if this situation can be persistent or the will have to switch this sources to encrypted SNMP. So if at that moment we won't have this solution, they will move this remaining sources to Splunk.
Micro Focus Contributor
Micro Focus Contributor
Update from the customer bug for which this idea was created... https://bugzilla.novell.com/show_bug.cgi?id=729522 ******************************************************************************* Piotr Piotrowski: Are there any plans to implement this in the "standard" Sentinel SNMP connector? Or there won't be any changes as this can be achieved using SmartConnector for SNMP: https://community.softwaregrp.com/t5/ArcSight-Connectors/SmartConnector-for-SNMP-Unified/ta-p/1587063?attachment-id=68444 Brandon Langley: Piotr, only Ted can answer that definitively. I'd expect based on previous conversations that we would encourage the use of the SmartConnector as a preferred approach. That being said, if there's an issue with going that route, Ted will want to know about it so we can figure out how to best approach solving the issue. Piotr Piotrowski: Thanks Brandon, I just wanted to know if the SmartConnector is the right direction and if I can send this information to the customer. Brandon Langley: It definitely is, just be aware that if it starts causing great heartburn for whatever reason you are encouraged to surface that to us :) Piotr Piotrowski: You can bet that we will :) As SmartConnector is the solution for this enhancement, for me we can close this bug. ******************************************************************************* So I was thinking if we can mark this idea as completed...
Micro Focus Expert
Micro Focus Expert
Sentinel now supports event feeds from ArcSight Smart Connector, but we have not certified each event feed. This is one of the event feeds that has not been certified or even validated by a customer. Any Sentinel customer is welcome to try any Smart Connector feed, but if they haven't been certified, some adjustments may need to be made to get all of the data fields reporting correctly.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.