What is New in ArcSight? “Consolidated Update” … · 5/6/2020 · Platform component version...
What is New in ArcMC? “Consolidated Update”
Brian Wolff, Chief ArcSight Architect. Updated 05/06/2020
ArcMC
Product updates by version
How to use the following matrix
Locate the product and the version that you have installed
Click on the next highest version
- This will walk you through all the capabilities of the newer versions of your product
At the end of each section there is a “Blue Arrow”
- Click on it and it will take you back to the “Matrix Slide”
Product: ArcMC
Versions: 2.2, 2.60, 2.7, 2.71, 2.80, 2.81, 2.90, 2.92, 2.93, 2.93 P1, 2.94
Note: not all-inclusive; work in progress
ArcMC Series
ArcMC 2.2
Scale/Performance – ArcMC 2.2
• Connector Hosting App: 25,000 EPS per box
• 64-bit connectors now available
Encryption
• Encryption with the Gen 9 box
• RAID level
• Both appliance boxes covered
• No performance impact
• Certified with the data migration
• Note: if you enable encryption and later decide to turn it off, the data on the appliance is lost; treat the change as irreversible without data loss
Other Features
ADP-Logger
• All ESM fields available in fieldsets
• FIPS supported
• Content Override option
• ConApp to ArcMC migration for 3X00 appliances
• Forced initial password change
• Digitally signed reports
• Updated CIP packages for PCI 4.0 and ITGov
• Performance improvements in the report engine
ADP-Management
• User Management performance
• Remote WINC management
• Local Host Subscriber
• Canned breach rules
• FIPS
• Forced initial password change
• New HPE colors
ArcMc 2.6
• Event Broker Management: ArcSight Event Broker management includes route and topic creation, as well as health and status parameter monitoring. Monitored parameters for Event Broker include CPU Usage, Memory, Disk Usage, Event Broker Throughput, Total EPS In, Event Parsing Error, Stream Processing EPS, and Stream Processing Lag.
• Improved Node Management Interface: The Node Management interface has been improved for clarity and ease of use.
• Improvements to Topology View: The Topology View now includes many improvements, including time-out settings to age out inactive devices and remove them from management.
• Improved Import Hosts Process: Importing hosts from a CSV now takes less time, as jobs run in parallel.
• Improved License Consumption Report: The License Consumption report can now be run for a specified time interval, instead of an entire year.
• New Rules: Several additional monitoring rules have been enabled by default. These can be edited or deleted as preferred.
ArcMC 2.6: Monitoring & Management of EB using ArcMC
• Creating topics
• Creating routing rules
• Monitoring EB infrastructure
• Monitoring events in routing
• Creating personal notifications (email, SMTP, audit)
[Architecture diagram: 3rd parties feeding Event Broker, with Logger, Vertica, ArcMC and ESM as consumers; nodes labeled L and T under Event Broker]
Management and Monitoring of EB using ArcMC
• Topic creation
• CEF routing
• Health and status parameter monitoring
Improved Topology View
• Added time-out settings to age out inactive devices and remove them from management
• Grouping of Devices
Improved UI Performance
• Scales to a hundred thousand devices
• Order-of-magnitude improvement in responsiveness
Additional Features
BCFIPS (Bouncy Castle FIPS) library used for FIPS mode
Topic Creation
Topic routing and filtering *
* CEF topics only
ADP 2.1 (Mar 2017): ArcMC management of Event Broker (ArcMC 2.60, Event Broker 2.00)
ADP 2.2 (Oct 2017): Enhanced Topology View (ArcMC 2.70, Event Broker 2.10)
ArcMC 2.7
Instant Connector Deployment:
• Deploy connectors and Collectors directly in the Deployment View where needed with just a few clicks, using the new Deployment Templates feature.
Deployment View:
• The Deployment View shows the physical relationships between network devices (event producers), connectors, their hosts, and their destinations in each of your ArcMC locations.
• Use the Deployment View to model subsystems, and to quickly trace issues and drill down on details.
Connectors in Event Broker (CEB):
• ArcMC now includes the alpha Connectors in Event Broker (CEB) feature, for non-production public alpha testing and evaluation, which collects raw data through a source topic in Event Broker. Raw events are sent to this source topic from a Collector device. CEBs enable event normalization and processing to be moved directly into Event Broker. For restrictions on the alpha feature, see About CEB.
ArcSight Secure Data Add-On Integration:
• Deploy the ArcSight Secure Data Add-On encryption client to connectors and Collectors as part of Instant Connector Deployment. Events will be displayed in encrypted format in Logger and the ESM console.
ADP 2.2 (Oct 2017): Deployment from ArcMC (ArcMC 2.70, Connector 7.7)
ADP 2.2: Connector in Event Broker (alpha feature, not for production) (ArcMC 2.70, Connectors 7.70, Event Broker 2.10)
Benefits:
• Easier centralized scaling for collection architecture
• Reduced network traffic
• Raw events only on the wire
• Single destination
ArcMC 2.71
General bug fixes; support for RHEL/CentOS 7.4
For Managed ArcSight Products
CEB and Collectors: For Testing and Evaluation Only
Connectors in Event Broker (CEB) and all related functionality, including Collectors, are provided as non-production public alpha features. They are provided for your testing and evaluation only and should not be considered fully functional; they are not supported by HPE Support, and they are not guaranteed to be available in the product in the future.
Consult the ArcMC Admin Guide, and directions from the ArcMC product team, for best practices and guidance on how to use these features.
CEB and Collectors must not under any circumstances be used in a production environment.
- We welcome questions, comments, and feedback on these features. Please direct any questions or comments to our ArcMC product team at [email protected].
ArcMC 2.80
• Bulk installation of the Micro Focus SecureData client in Connectors
• Centralized configuration of encrypted fields in CEF events, enabling Micro Focus SecureData-protected information to be pushed to Logger
• Monitoring and management of ArcSight Collectors
• Monitoring and management of Connectors in Event Broker (CEB)
• Various security fixes, feature updates, and bug fixes
Technical Requirements
For Managed ArcSight Products
ArcMC 2.81
• Secure Authenticated SMTP: ArcMC can now send emails using a secured, authenticated SMTP server
• Clone Deployment Templates: You can now copy values from an existing deployment template
• Device Rules: Ability to create, edit, and delete a device rule
• Devices have a Severity associated with them instead of a Status: Up is equivalent to "HEALTHY" and Down to "FATAL"
• Sunburst Chart and corresponding breakdown table: enhanced to show severity instead of status
• Support for three types of acknowledgment modes for Connector in Event Broker (CEB)
• Support for 50 CEBs with Event Broker 2.21
Technical Requirements
For Managed Products
ArcMC 2.9.0
Global Event ID: Every event generated by an ArcSight component now carries a unique Global Event ID. This helps identify the same event when it is seen in multiple ArcSight components such as Logger, ESM, and Event Broker.
Generator ID Management: Allows users to generate an ID and assign it to a non-managed product. Each ArcSight component requires a unique Generator ID in order to generate unique Global Event IDs; ArcMC sets unique Generator IDs on the ArcSight components it manages.
SecureData Client: The latest SecureData client is available to install on managed Connectors.
Non-root user support for Instant Connector Deployment.
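The Global Event ID and Generator ID relationship described above, as an added illustration that is not ArcMC's code and does not reproduce ArcMC's actual ID format: the ID layout (generator_id, per-generator sequence), the EventSource and GeneratorIdRegistry classes and the component names are all hypothetical, chosen only to show why the Generator ID must be unique per component. The first check models two components that share a Generator ID (the failure mode the text warns about); the second models one event seen in Event Broker, Logger and ESM being correlated to a single event on its Global Event ID.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Hypothetical ID layout for illustration only: (generator_id, sequence).
# ArcMC's real Global Event ID encoding is not documented on this page.
GlobalEventId = Tuple[int, int]


@dataclass
class EventSource:
    """An ArcSight component (connector, Logger, ESM, ...) that mints events."""
    name: str
    generator_id: int
    seq: int = 0

    def mint(self) -> GlobalEventId:
        """Uniqueness of the pair depends entirely on generator_id being unique."""
        self.seq += 1
        return (self.generator_id, self.seq)


class GeneratorIdRegistry:
    """Models the ArcMC role: hand out Generator IDs that are never reused,
    whether the component is managed or registered by hand (non-managed)."""

    def __init__(self) -> None:
        self._next = 1
        self._by_name: Dict[str, int] = {}

    def assign(self, component_name: str) -> int:
        if component_name not in self._by_name:
            self._by_name[component_name] = self._next
            self._next += 1
        return self._by_name[component_name]


def mint_all(sources: Iterable[EventSource], per_source: int) -> List[Tuple[str, GlobalEventId]]:
    """Every source mints per_source events; returns (source name, id) pairs."""
    minted: List[Tuple[str, GlobalEventId]] = []
    for src in sources:
        for _ in range(per_source):
            minted.append((src.name, src.mint()))
    return minted


def colliding_ids(minted: Iterable[Tuple[str, GlobalEventId]]) -> Dict[GlobalEventId, List[str]]:
    """IDs that two different sources both produced: the uniqueness guarantee is broken."""
    owners: Dict[GlobalEventId, set] = defaultdict(set)
    for name, geid in minted:
        owners[geid].add(name)
    return {geid: sorted(names) for geid, names in owners.items() if len(names) > 1}


def distinct_events(sightings: Iterable[Tuple[str, GlobalEventId]]) -> int:
    """The same event forwarded through Event Broker, Logger and ESM is sighted
    three times but counted once when correlated on its Global Event ID."""
    return len({geid for _, geid in sightings})


def demo() -> Dict[str, int]:
    registry = GeneratorIdRegistry()
    # Constructed sample components; names are hypothetical.
    managed = [EventSource(n, registry.assign(n)) for n in ("connector-a", "connector-b", "logger-1")]
    # Failure mode: two connectors (e.g. cloned from one image) carry the same hard-coded ID 7.
    cloned = [EventSource("connector-a", 7), EventSource("connector-b", 7)]
    return {
        "collisions_with_registry": len(colliding_ids(mint_all(managed, 3))),
        "collisions_with_duplicate_gid": len(colliding_ids(mint_all(cloned, 3))),
    }


if __name__ == "__main__":
    print(demo())
    ev = EventSource("connector-a", 1).mint()
    print(distinct_events([("event-broker", ev), ("logger-1", ev), ("esm", ev)]))
```

With registry-assigned IDs no two components ever mint the same pair; with a duplicated Generator ID every sequence number collides, which is exactly why ArcMC insists on setting a unique Generator ID even on non-managed products.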
Technical Requirements
Fixed Issues
For Managed ArcSight Products
ArcMC 2.9.1
What’s New in this Release
Set Generator ID during Scan Host
Technical Requirements
Fixed Issues
For Managed ArcSight Products
ArcMC 2.9.2
What’s New in this Release
This version of ArcMC includes the following features and enhancements:
• Bulk Emergency Restore: Users can perform an emergency restore of multiple local containers at once. This feature also provides a way to migrate local containers from 32-bit to 64-bit; the existing connector configuration is preserved after the migration process.
• Host Tab Feature Migration: Functionality previously under Node Management > Hosts tab can now be found under Configuration Management > Bulk Operations > Hosts tab.
Technical Requirements
For Managed ArcSight Products
ArcMC 2.9.3
• Platform component version updates: support for RHEL 7.7 and CentOS 7.7, current releases of the Azul Zulu Java runtime and other component libraries, updated to address currently published vulnerabilities.
• Support for Brazilian time zone changes.
• Support for EPS-based licensing metrics for Logger.
Technical Requirements
ArcMC 2.9.3 P1
• Upgraded JRE to Azul Zulu 8u232 b18 (Zulu 8.42.0.23).
• Platform now supports RHEL 7.7 and CentOS 7.7.
• Updated component libraries, including current releases of the Azul Zulu Java runtime, to address currently published vulnerabilities.
• Support for Brazilian time zone changes.
• Support for EPS-based licensing metrics for Logger.
Technical Requirements
Fixed Issues
For Managed ArcSight Products
ArcMC 2.9.4
This version of ArcMC includes the following new features and enhancements:
Import/Export Host CSV Format Update: A new column, connector container name, has been added to the CSV file used when importing or exporting hosts.
Device Status Report: The device status report can now be exported in CSV format with the device list details.
EPS License Detailed Report: Users can now export the EPS license detailed report in CSV format, with EPS information per managed EPS-licensed Logger for the selected duration.
Requirements
Fixed Issues
Security Fixes
For Managed ArcSight Products