What is New in ArcMc?“Consolidated Update”

Brian WolffChief ArcSight ArchitectUpdated 05/06/2020

ArcMc

Product updates by version2

How to use the following matrix

Locate the version of the product and the version that you have installed

Click on the next highest version

- This will then walk you thru all the capabilities of new versions of your product

At the end of each section there is a “Blue Arrow”

- Click on it and it will take you back to the “Matrix Slide”

Product

ArcMC 2.2 2.60 2.7 2.71 2.80 2.81 2.90 2.92 2.93 2.93P1 2.94

Note: Not all-inclusive Work in Progress

ArcMc Series

ArcMC 2.2

Scale/Performance – ArcMC 2.2

Connector Hosting App- 25,000 EPS per box

64-bit connectors now available

Encryption

• Encryption with the Gen 9 box• RAID Level

• Both appliance boxes covered• No performance impact• Certified with the data migration

• Note: if you have encryption enabled, and then decide to turn it off, you will lose your data

Other FeaturesADP-Logger

• All ESM fields available in fieldsets• FIPs Supported• Content Override Option• ConApp to ArcMC Migration for

3X00 appliances• Forced initial password change• Digitally signed reports• Updated CIPs Packages for PCI 4.0

and ITGov• Performance improvements with the

report engine

ADP-Management

• User Management Performance• Remote WINC Management• Local Host Subscriber• Canned Breach Rules• FIPs• Forced initial password change• New HPE colors

9

ArcMc 2.6

10

• Event Broker Management: • ArcSight Event Broker management includes route and topic creation, as well as health and status parameter monitoring.

Monitored parameters for Event Broker include CPU Usage, Memory, Disk Usage, Event Broker Throughput, Total EPS In, Event Parsing Error, Stream Processing EPS, and Stream Processing Lag.

• Improved Node Management Interface: • The Node Management interface has been improved for clarity and ease of use.

• Improvements to Topology View: • The Topology View now includes many improvements, including time-out settings, to age out inactive devices and remove

them from management.

• Improved Import Hosts Process: • Importing hosts from a CSV will take less time than formerly, as jobs run in parallel.

• Improved License Consumption Report: • The License Consumption report can now be run for a specified time interval, instead of an entire year.

• New Rules: • Several additional monitoring rules have been enabled by default. These can be edited or deleted as preferred.

ArcMc 2.6

Monitoring & Management EB using ArcMC

Creating topicsCreating routing rulesMonitoring EB infrastructureMonitoring events in routing Creating personal notifications to (email, SMTP, audit)

3rd Parties

Event Broker

LL

LVertica

ArcMC

ESM

T

T T T

T T

Management and Monitoring of EB using ArcMC

• Topics creation• CEF Routing• Health and status parameter

monitoring

13

Improved Topology View

• Added time-out settings to age out inactive devices and remove them from management

• Grouping of Devices

14

Improved UI Performance

• Scales to hundred thousand devices

• Order of magnitude improved responsiveness

15

Additional Features

16

Improved Node Management Interface: The Node Management interface has been improved for clarity and ease of use.

Improved Import Hosts Process: Importing hosts from a CSV will take less time than formerly, as jobs run in parallel.

Improved License Consumption Report: The License Consumption report can now be run for a specified time interval, instead of an entire year.

New Rules: Several additional monitoring rules have been enabled by default. These can be edited or deleted as preferred

BCFIPS Library for FIPS

Topic Creation

Topic routing and filtering *

* CEF topics only

ADP 2.1 (Mar17): ArcMC management of Event BrokerArcMC 2.60, Event Broker 2.00

ADP 2.2 (Oct17): Enhanced Topology View ArcMC 2.70, Event Broker 2.10

18

ArcMc 2.7

20

ArcMc 2.7

• Deploy connectors and Collectors directly in the Deployment View where needed with just a few clicks, using the new Deployment Templates feature.

Instant Connector Deployment:

• The Deployment View shows the physical relationships between network devices (event producers), connectors, their hosts, and their destinations in each of your ArcMC locations.

• Use the deployment view to model subsystems, and quickly trace issues and drill down on details.

Deployment View:

• ArcMC now includes the alpha Connectors in Event Broker (CEB) feature, for non-production public alpha testing and evaluation, which collects raw data through a source topic in Event Broker. Raw events are sent to this source topic from a Collector device. CEBs enable event normalization and processing to be moved directly to Event Broker. For restrictions on the alpha feature, see About CEB for more information.

Connectors in Event Broker (CEB):

• Deploy the ArcSight Secure Data Add-On encryption client to connectors and Collectors as part of Instant Connector Deployment. Events will be displayed in encrypted format in Logger and the ESM console.

ArcSight Secure Data Add-On Integration:

ADP 2.2 (Oct17): Deployment from ArcMCArcMC 2.70, Connector 7.7

ADP 2.2: Connector in Event Broker (Alpha feature, not for production)ArcMC 2.70, Connectors 7.70, Event Broker 2.10

Benefits:

• Easier centralized scaling for collection architecture

• Reduced network traffic

• Raw events only on the wire

• Single destination

22

ArcMC 2.71

ArcMC 2.71

24

General Bug Fix Support for RHEL/CentOS 7.4

For Managed ArcSight Products

25

CEB and Collectors: For Testing and Evaluation Only

Connectors in Event Broker (CEB) and all related functionality, including Collectors, are provided as non-production public alpha features. These features are provided for your testing and evaluation only and should not be considered fully functional, nor are they supported by HPE Support, nor are they guaranteed to be available in the product in the future.

Consult the ArcMC Admin Guide, and directions from the ArcMC product team, for best practices and guidance on how to use these features.

CEB and Collectors must not in any circumstances be used in a production environment.

- We welcome questions, comments, and feedback on these features. Please direct any questions or comments to our ArcMC product team at adp-ceb-alpha@hpe.com.

26

ArcMC 2.80

ArcMC 2.80

28

Bulk installation of Micro Focus SecureData client in Connectors,

Centralized configuration of encrypted fields in CEF events enables pushing Micro Focus SecureData

information to Logger,

Monitoring and management of ArcSight Collectors,

Monitoring and management of Connectors in Event Broker (CEB),

Various security fixes, feature updates, and bug fixes.

Technical Requirements

29

For Managed ArcSight Products

30

ArcMC 2.81

ArcMC 2.81

32

Secure Authenticated SMTP: ArcMC can now

send emails using a secured authenticated

SMTP server

Clone Deployment Templates: You can now

copy values from an existing deployment

template

Device Rules: Ability to create, edit, and delete

a device rule

Devices have Severity associated with them

instead of Status: Up is equivalent to "HEALTHY"

and Down to "FATAL"

Sunburst Chart and corresponding

breakdown table: Is enhanced to show the

severity instead of status

Support for three types of Acknowledgment

modes for Connector in Event Broker (CEB)

Support for 50 CEBs for Event Broker 2.21

Technical Requirements

33

For Managed Products

34

ArcMC 2.9.0

2.9.0

36

Global Event ID: Every event generated by an ArcSight component will have a unique Global Event ID. This will help in identifying the events in case the same event is seen in multiple ArcSight components like Logger, ESM, and Event Broker.

Generator ID Management: Allows users to generate an ID to assign it to a non-managed product. A unique Generator ID is required by ArcSight component to generate unique Global Event IDs. ArcMC will help set unique Generator ID on ArcSight components.

SecureData Client: Latest SecureData Client available to install on managed Connectors.

Non-root user support for instant Connector deployment.

Technical Requirements

37

Fixed Issues

38

For Managed ArcSight Products

39

ArcMC 2.9.1

What’s New in this Release

Set Generator ID during Scan Host

Technical Requirements

42

Fixed Issues

43

Fixed Issues

44

For Managed ArcSight Products

45

ArcMC 2.9.2

What’s New in this Release

47

This version of ArcMC includes the following features and enhancements:

BULK EMERGENCY RESTORE: USERS CAN PERFORM EMERGENCY RESTORE OF MULTIPLE LOCAL CONTAINERS

AT ONCE. THIS FEATURE ALSO PROVIDES A WAY TO MIGRATE LOCAL CONTAINERS FROM 32 BIT TO 64 BIT . THE EXISTING CONNECTOR CONFIGURATION WILL BE

PRESERVED AFTER THE MIGRATION PROCESS.

HOST TAB FEATURE MIGRATION: FUNCTIONALITIES UNDER NODE MANAGEMENT > HOSTS TAB CAN NOW BE

FOUND IN CONFIGURATION MANAGEMENT > BULK OPERATIONS > HOSTS TAB.

For Managed ArcSight Products

Technical Requirements

49

For Managed ArcSight Products

50

ArcMC 2.9.3

2.9.3

52

Platform component version updates now support RHEL 7.7 and CentOS 7.7, current releases of: Azul

Zulu Java runtime, as well as other component libraries and compliance with up-to-date vulnerabilities.

l Support for Brazilian time zone changes.

l Support for EPS-based licensing metrics for Logger.

Technical Requirements

53

ArcMC 2.9.3 P1

ArcMc 2.9.3 P1

55

Upgraded JRE to Azul Zulu 8U232 b18

8.42.0.23.

Platform now supports RHEL 7.7 and CentOS

7.7.

Compliance with up-to-date vulnerabilities and

component libraries, including current

releases of the

Azul Zulu Java runtime libraries.

Support for Brazilian time zone changes.

Support for EPS-based licensing metrics for

Logger.

Technical Requirements

56

Fixed Issues

57

Fixed Issues

58

For Managed ArcSight Products

59

ArcMC 2.9.4

This version of ArcMC includes the following new features and enhancements:

61

Import/Export host CSV Format Update: A new column connector container name has been added to the CSV file when importing or exporting hosts.

Device Status Report: The device status report can now be exported in CSV format with the device list details.

EPS License Detailed Report: Users can now export the EPS license detailed report in CSV format with EPS information per managed EPS licensed logger for the selected duration.

Requirements

62

Fixed Issues

63

Fixed Issues

64

Security Fixes

65

For Managed ArcSight Products

66