Micro Focus ArcSight Data Platform (ADP) 2.6 has been released

  • KM03688314
  • 04-Aug-2020
  • 07-Aug-2020

Summary

Micro Focus ArcSight Data Platform (ADP) 2.6

Reference

Recommended Software Update

Micro Focus is announcing the release of

Product: ArcSight Data Platform (ADP)
Version: 2.6
Languages: English

ArcSight Data Platform (ADP) v2.6 is a suite of products containing the following Products:

  • Logger v7.1
  • ArcSight Management Center (ArcMC) v2.9.5
  • Transformation Hub v3.3
  • Smart Connectors v8.0.0

ArcSight Logger 7.1 includes:

  • Storage Improvements:
    - Store up to 15% more data in the same disk space.
  • Search Improvements
    - Persist and load search results for further analysis.
    - View peer stats search status information before, during, and after executing a search.- Internal audit events for the different search stages (start, finish, and intermediate).
    - Open up to 10 tabs to perform different searches or review completed search results.
    - Search dashboard to view active searches.
  • Search Congruity Improvements:- Field summary: Improved field summary on the search results page with 10 values both top and bottom.
    - Highlight events to easily recognize similar and/or specific events included in the search results.
    - Save your queries as a filter, dashboard panel, or saved search (schedule a search or alert or even create a report out of them).
    - Customize your results, export to a local disk, remote location, or to Logger.
    - Create, edit, clone, and delete field sets.
  • Navigation bar has been enhanced and it is now available throughout the UI for navigation.
  • Using a TH destination, Logger can now forward data to Kafka and ArcSight Transformation Hub.
  • Define and tune Logger Roles: Available memory will be adjusted based on the role(s) you select for optimal performance.
  • AWS Destination: Logger Archives can now be sent to an AWS storage.
  • Cipher Suites have been updated.
  • Support for RHEL 8.1 in Software.
  • Various security fixes, feature updates, and bug fixes. 

ArcSight Management Center 2.9.5 includes:

  • Support for the latest Connector release, v8.0.0.
  • Windows Native Connector (WiNC) on a Connector Host Appliance (CHA) can now run in a Windows 2019 Server VM on Gen9 CHAs.
  • Support for the new Avro formatted event schema.
  • Event routing and filtering in Transformation Hub for events transformed from CEF to Avro format and consumed by ESM, Interset, Logger and Investigate.  These events may now be stored in a common high-performance Vertica database shared by all ArcSight products.
  • Configuration for the new AWS Cloud S3 SmartConnector.
  • Configuration for the new AWS Security Hub SmartConnector.
  • Configuration of Transformation Hub processing in Microsoft Azure environment that leverages Azure services and capabilities.
  • Platform component version updates have been certified on RHEL 7.8, CentOS 7.8 (RHEL/CentOS 8.1 was already supported in 2.94), with current releases of Azul Zulu Java runtime and PostgreSQL. Component libraries include current vulnerability compliance, and ciphers are up-to-date.

ArcSight Connectors 8.0.0 includes:

  • Significant improvements and new support for AWS and Azure native cloud services, including new connectors for AWS Security Hub and AWS S3 log sources.
  • Security Hub supports AWS GuardDuty event processing  
  • AWS S3 supports Cisco Umbrella DNS log processing
  • Un-obfuscated parsers are now available on the installation media, bypassing the need to work with Customer Support to get access to these parser definitions.   
  • Support for the latest releases of Micro Focus Security, Risk and Governance product.Refer to the Support Matrix of each product for applicability.
  • Security improvements to the Connector Load Balancer
  • A memory profile can be applied to a Connector to start the Connector with tailored memory allocations consistent with the Connector’s role in the Logger ecosystem 
  • Connector now supports ZSTD compression, which generally performs better than GZIP, when communicating with Transformation Hub
  • Windows Native Connector (WiNC) on a Connector Host Appliance (CHA) can now run in a Windows 2019 Server VM on Gen9 CHAs.
  • Platform component version updates have been certified on RHEL 7.8, CentOS 7.8 and current releases of Azul Zulu Java runtime.  Component libraries include current vulnerability compliance, and ciphers are up-to-date. 
Transformation Hub 3.3 includes:
  • Deployment and configuration of Transformation Hub in Microsoft Azure environment that leverages Azure services and capabilities
  • Upgrades to Version 3.3.0 from prior Version 3.x releases and patches/hotfixes are supported in the native CDF Installer, using rolling upgrades through the Master and Worker Nodes in the cluster.
  • Support for the latest Connector release, v8.0.0
  • A new CEF-to-Avro stream processor and its supporting topics have been introduced, for ESM events.  Using CEF routing rules, ESM can read from a topic of filtered Avro events.
  • The ZSTD compression algorithm is now supported.  ZSTD generally performs better than GZIP, which was the only supported compression algorithm up until this release. ZSTD compression requires an upgrade to SmartConnector v8.0.0, where it is also now supported. 
  • Support for the new Avro formatted event schema.  The Avro schema has been updated such that events may now be stored in a common highly performant Vertica database shared by all ArcSight products.
  • The Container Deployment Platform has been upgraded to version 2020.05.  A new CDF Doctor troubleshooting capability is now available to help pinpoint issues with Transformation Hub’s container-based deployments.
  • Platform component version updates have been certified on RHEL 7.8, CentOS 7.8 (RHEL/CentOS 8.1 was already supported in 3.2.0), with current releases of Azul Zulu Java runtime, PostgreSQL, Apache Kafka Client, and the Confluent platform (which includes Apache Kafka, Schema Registry and ZooKeeper). Component libraries include current vulnerability compliance, and ciphers are up-to-date.

These releases include various security fixes and bug fixes.

See the release notes of each product for more information.

Please note that all ADP 2.6 customers with active support subscription are eligible for the new ADP update: https://entitlement.microfocus.com/mysoftware/iam/home
Connector Framework  7.14.0,  7.15.0 and 8.0.0 â€“The software can be found on the Software entitlement portal: https://entitlement.microfocus.com/mysoftware/iam/home

This release is part of our larger ArcSight 2020.2 release, which marks a significant accomplishment in our mission to make ArcSight more simple, open and intelligent. You can read more about the details of this release, and how it will enable your SOC, in our “ArcSight’s Latest and Greatest†flyer available here: https://www.microfocus.com/media/article/arcsights-latest-and-greatest-article.pdf

For more information, please check the Release Notes for this version (available from MySupport).

If you have an active support subscription for these products, please plan for downloading this version from the Software Licenses and Downloads Portal. To access these products in the Software Licenses and Downloads Portal, you will need to sign in with your Micro Focus credentials. 

Our goal is to provide you with clear visibility into the support time-line of software products, enabling you to use this information to plan, test, and deploy new product versions. For more information, check our MySupport Software Product Lifecycle pages. Please take note of the end of support dates for the latest available version of this product:

 Support time-line
 Date Details
 Aug 31, 2023 Committed Support Ends

Please note all ArcSight Data Platform customers with active support subscriptions are eligible to update to ArcSight Data Platform version 2.6.