Micro Focus Security ArcSight Data Platform (ADP) 2.7 has been released

  • Document ID:KM03810875
  • Creation Date:19-May-2021
  • Modified Date:24-May-2021
    • Micro Focus Products:
      arcsight transformation hub
      arcsight logger software
      arcsight smart connectors
      arcsight management center

Summary

Micro Focus Security ArcSight Data Platform (ADP) 2.7

Reference

Recommended Software Update

Micro Focus is announcing the release of

Product: Security ArcSight Data Platform (ADP)
Version: 2.7
Languages: English

The following new key features are available with this version:

ArcSight Data Platform (ADP) 2.7 includes the following ArcSight products:

  • Logger 7.2
  • ArcSight Management Center (ArcMC) 3.0
  • Transformation Hub 3.5
  • Smart Connectors 8.2

The Logger 7.2 release is focused on the following areas.

  • Ability for Recon to search on Logger event data.
  • MySQL has been upgraded to 5.7.21 version to address security fixes.
  • Zstd compression library to store up to 15% more events compared to previous releases.
  • Search UI – Migration to new search UI is now complete and the classic search UI is deprecated
  • Improved Peer Search, Saved results and Search UI response time.
  • Introducing a dedicated apache for event ingestion to better support high traffic Logger.
  • Forward events in AVRO format from Logger.
  • Reporting improvement.
  • Export list of scheduled reports from Logger.
  • Ability to retrieve up to 100,000 results when using grouping or sorting.
  • One step upgrade from any supported version of Logger(>=6.6) to Logger 7.2.
  • Updated localizations.
  • Bug fixes, security fixes and library updates.

The ArcMC v3.0 release is focused on the following areas:

ArcMC now supports both a non-Containerized, traditional install and a new Containerized installation

  • Non-containerized, traditional ArcMC is supported and is recommended for pre-existing legacy deployments (e.g. ArcMC 2.9x).
    • Upgrade to non-containerized v3.0.0 is supported from prior releases

New Containerized Deployment – Fusion ArcMC

  • ArcMC can now be deployed into the containerized ArcSight Suite as a component of the Fusion capability.  This is the recommended model for Recon and Intelligence, supporting new deployments only, not upgrades from prior ArcMC releases.
  • Containerized applications support built-in upgrades
  • Cloud-native deployment into AWS and Azure
  • While more than one cluster node can have the ‘Fusion’ Label, only a single Fusion ArcMC instance will run at any given time.  Kubernetes cluster management will automatically restart failed pods.
  • Fusion ArcMC UI is launched from Fusion UI.  Login is into Fusion UI, supporting Single Sign-On to ArcMC UI
  • Consolidated Group/User/Role management within Fusion

Logical Connector Grouping

  • SmartConnectors configured with a connector group name will have the group name shown in ArcMC license reports. Grouping enables customers who have multiple connectors servicing a log source to view connector licensing metrics for the group.

Platform Currency

  • Platform component version updates have been certified on RHEL 8.2 and 7.9, and CentOS 8.2 and 7.9, with current releases of Azul Zulu Java runtime and Tomcat 9.x.

The Transformation Hub 3.5 release is focused on the following areas.

  • Performance Improvements
  • Event Data Integrity Support for Recon
  • Bug fixes, security fixes and library updates.

The Smart Connector 8.2 release is focused on the following areas.

  • New SmartConnectors:
    • MS 365 Defender
    • New support for GCP security event sources
    • New Polyverse Zerotect FlexConnector supports zero-day detection
  • Windows Native Connector (WiNC) performance and stability improvements.  Now 20% faster than v8.1
  • Improved AWS Security Hub event log service coverage
  • New support for Microsoft Azure Powershell
  • New support for Micro Focus SaaS initiatives
  • Enables crowd sourcing for Connector & Parsers on MF managed GitHub
  • Connector currency updates – Over 60 new device, component, and OS version support
  • Support for Micro Focus SaaS initiatives 
  • Support latest ArcSight releases (Logger, THub, Recon, Appliances, ESM, …)
  • Bug fixes, security fixes and library updates.

The Latest 3 versions of Smart Connector Framework v8.0.0, v8.1.0 and v8.2.0 can be found On the Software Entitlement portal: https://entitlement.microfocus.com/mysoftware/iam/home

See the release notes of each product for more information.

This release is part of the larger ArcSight 2021.1 release. You can read more about the details of this release, and how it will enable your SOC, in our “ArcSight’s Latest and Greatest” flyer available here: https://www.microfocus.com/media/article/arcsights-latest-and-greatest-article.pdf 

A video summary of the release is also available on our ArcSight Unplugged channel: https://www.youtube.com/channel/UCWfeits4KBY-pyqvwM8szWw

For more information, please check the Release Notes for this version (available from MySupport).

If you have an active support subscription for these products, please plan for downloading this version from the Software Licenses and Downloads Portal. To access these products in the Software Licenses and Downloads Portal, you will need to sign in with your Micro Focus credentials.

Our goal is to provide you with clear visibility into the support time-line of software products, enabling you to use this information to plan, test, and deploy new product versions. For more information, check our MySupport Software Product Lifecycle pages. Please take note of the end of support dates for the latest available version of this product:

Support time-line
Date Details
May 31, 2024 Committed Support Ends

Please note that all Security ArcSight Data Platform customers with active support subscriptions are eligible to update to Security ArcSight Data Platform version 2.7.