Micro Focus Security ArcSight SmartConnectors 8.1.0 has been released

  • KM03767444
  • 10-Dec-2020
  • 11-Dec-2020

Summary

Micro Focus Security ArcSight SmartConnectors 8.1.0

Reference

Recommended Software Update

Micro Focus is announcing the release of

Product: Security ArcSight SmartConnectors
Version: 8.1.0
Languages: English

This release of SmartConnectors contains the following new features:

  • Significant Performance and Stability Improvements – Performance-focused code refactoring has achieved SmartConnector throughput improvements of up to 1,000% versus SmartConnectors v8.0.0 on an ArcSight Gen10 Connector Host Appliance, potentially allowing for a reduction in the number of SmartConnectors required to process workloads. As a result of these improvements, this release is also more stable and reliable. Throughput improvements apply to FlexConnectors and RepSM Plus as well.
  • Load Balancer stability has been improved to detect when a SmartConnector is not responding and gracefully reconnect to the connector.
  • New and improved SmartConnectors supporting vendor cloud-native services and popular event sources 
  • Amazon Web Services
    • Additional event sources supported in AWS Security Hub cloud-native SmartConnector, with support for: Proxy, IP and Cloud firewall logs. All log categories are now fully supported.
    • CEF, XML and XQuery log types are now supported by the AWS S3 cloud-native SmartConnector
    • Documentation is now available on how to add support for new parsers of events residing in AWS S3
    • Ability to delete non-CloudTrail messages
  • Microsoft
    • Azure Security Center is now supported by the Azure Event Hub cloud-native SmartConnector
    • Support for SASL Plain Authentication in the Kafka FlexConnector enabling the connector to more securely ingest and consume events from/to Azure Event Hub
    • A new FlexConnector supporting Microsoft 365 Defender (M365D) - formerly Microsoft Threat Protector (MTP) is now available. M365D inherently supports Microsoft Graph API and Advanced Thread Protection events.
  • AWS and Azure SmartConnector parsers are now un-obfuscated and available on the installation media, bypassing the need to work with Customer Support to get access to these parser definitions. o Windows Native Connector (WiNC) on Gen10 C6700 Connector Host Appliance (CHA) 
  • Windows Native SmartConnector (WiNC) can now run in a Windows 2019 Server VM, hosted on Gen10 ArcMC Connector Hosting Appliance (CHA). WiNC runs native Microsoft Windows code to ingest Windows event sources.
  • Okta identity and access management – A new SmartConnector now supports Okta’s industry leading identity and access management solution
  • Avro-formatted event streams
    • ArcSight now supports Avro-formatted event streams throughout its infrastructure. SmartConnectors have been enhanced to emit Avro-formatted events which can be consumed by Transformation Hub, ESM, Interset, Recon and 3rd party consumers. Avro is an industry standard data format, providing flexibility when defining fields based on a Schema Registry. Avro formatted events position ArcSight to be able to add new fields to future releases while maintaining backward compatibility with prior releases.
  • Content and Parser Improvements o Changes to the session interfaces for RepSM Plus to ensure compatibility with backend Zvelo system content feeds.
    • MITRE ATT&CK
      • Improved detection of the Finance industry against specialized threat actors
    • Parsers
      • New Version Updates for McAfee ePO, Cisco Secure ACS, Zeek, Arbor Networks Peakflow, MS Active Directory, Linux Audit File, ClamAV, Snoopy Logger
      • Improved parsing of Juniper, MS Sysmon, Cisco NX, Blue Coat, Fortinet Fortigate, Oracle Audit Syslog, Symantec End Point Protection 
    • Categorization
      • Improved categorizations for O365, Syslog messages, Cisco, Juniper, CheckPoint, IBM related logs 
  • Support for the latest releases of Micro Focus Security, Risk and Governance products. Refer to the Support Matrix of each product for applicability. 
    • Platform component version updates have been certified on RHEL 8.2, CentOS 8.2 and current releases of Azul Zulu Java runtime and Apache Tomcat. Component libraries include current vulnerability compliance, and ciphers are up-to-date. 
    • Miscellaneous bug fixes. Refer to the Release Notes for the specific defects addressed. 

    Installation and updates

    Please check the product’s software for installation instructions, release notes and user manuals. This documentation can also be downloaded from Software Support Online (select Dashboards>>Manuals). 

    For further SmartConnector updates, please visit the Software License and Downloads Portal. To receive product specific update alerts, select the ‘Email Signup’ link under “Customer Resources” at the bottom of the Software License and Downloads Portal homepage. Note that for some of these portals you are required to login with your Passport account that is linked to your Support Agreement ID(s). If you do not yet have a Passport account, click on ‘Register for Software Passport’ on Software Support Online

    Support

    We are here to advise and help with the installation process. In the unlikely event that you encounter an issue, please check Software Support Online which includes a knowledge base for self-service help, as well as additional support information. If you are unable to resolve your issue, please open a Service Request (select Service Requests (Incidents)) and one of our engineers will contact you. 

    To optimize your software throughout its lifecycle, a portfolio of support services is available; check the Software Support Offerings page for more information. 

    Community
     
    As a valued Micro Focus customer, we recommend you to take advantage of the free Software Customer Community Program, which can help you optimize the returns on your software investment. Within the community we have entitled support customer forums that are staffed by our support engineers, who will be actively monitoring posts, prepared to answer your questions. Since access is determined by valid Support Agreement ID (SAID) numbers, users will be able to discuss topics in a secure environment, once logged in. We encourage you to try this method of getting help with product technical issues first, rather than placing a telephone call or logging an online support ticket. Your discussions and posts will help all community users.
     
    Join the forums to: 
  • Discuss product-specific topics
  • Get access to best practices, support tips, and tricks
  • Discuss technical issues
  • Connect with your peers in the industry to share best practices
  • Participate in our product related Expert Days
  • Learn more about product events

It is fast and simple to register for membership at the Micro Focus Software Communityhomepage. 

Please visit the ArcSight User Discussions page for more information. Services Complementing our Support services, Micro Focus’ Professional Services and Education Services are available at any point in the software lifecycle. Whether you need help with planning deployment, implementing software or ensuring that it is continuously delivering against your objectives, please visit our Services page for the IT services portfolio we offer, or for how to contact us for a no-obligation chat. 

Learn more at 
https://software.microfocus.com/

This release is part of our larger ArcSight 2020.3 release. You can read more about the details of this release, and how it will enable your SOC, in our “ArcSight’s Latest and Greatest” flyer available here: https://www.microfocus.com/media/article/arcsights-latest-and-greatest-article.pdf 
A video summary of the release is also available on our SecOps Unplugged channel: https://www.youtube.com/channel/UCWfeits4KBY-pyqvwM8szWw

For more information, please check the Release Notes for this version (available from MySupport).   

If you have an active support subscription for these products, please plan for downloading this version from the Software Licenses and Downloads Portal. To access these products in the Software Licenses and Downloads Portal, you will need to sign in with your Micro Focus credentials.

Our goal is to provide you with clear visibility into the support time-line of software products, enabling you to use this information to plan, test, and deploy new product versions. For more information, check our MySupport Software Product Lifecycle pages. Please take note of the end of support dates for the latest available version of this product:

Support time-line
Date Details
Dec 31, 2023 Committed Support Ends

Please note that all Security ArcSight SmartConnectors customers with active support subscriptions are eligible to update to Security ArcSight SmartConnectors version 8.1.0.