Micro Focus Security ArcSight Managed Security Service Provider Platform (MSSP) 2021.05 has been released

Recommended Software Update

Micro Focus is announcing the release of

Product: Security ArcSight Managed Security Service Provider Platform (MSSP)
Version: 2021.05
Languages: English

The following new key features are available with this version:

ArcSight Data Platform (ADP) v2.7 includes the following ArcSight products:

• Logger 7.2
• ArcSight Management Center (ArcMC) 3.0
• Transformation Hub 3.5
• Smart Connectors 8.2

 The following are the Key Highlights:

• MySQL upgrade to 5.7.21 for enhanced security
• Enhanced Search UI improves peer search, saved results and response time
• Recon search of Logger event data is now enabled
• One-step upgrade from any supported version (v6.6 and above) to v7.2
• Performance improvements allow you to configure SmartConnectors to send events to Transformation Hub with greater data reliability guarantees (Leader ACK ON) without sacrificing throughput rate
• New Google Cloud SmartConnector for native Google Cloud Logging support
• New Microsoft Azure SmartConnector for native Microsoft 365 Defender support
• AWS Security Hub SmartConnector now supports AWS Cloud Front service
• New Polyverse Zerotect FlexConnector for industry-leading polymorphic and zero-day detection capabilities
• New documentation site for a comprehensive reference of ArcSight Connectors

The Logger v7.2 release is focused on the following areas:

• Ability for Recon to search on Logger event data.
• MySQL has been upgraded to 5.7.21 version to address security fixes.
• Zstd compression library to store up to 15% more events compared to previous releases.
• Search UI – Migration to new search UI is now complete and the classic search UI is deprecated
• Improved Peer Search, Saved results and Search UI response time.
• Introducing a dedicated apache for event ingestion to better support high traffic Logger.
• Forward events in AVRO format from Logger.
• Reporting improvement.
• Export list of scheduled reports from Logger.
• Ability to retrieve up to 100,000 results when using grouping or sorting.
• One step upgrade from any supported version of Logger(>=6.6) to Logger 7.2.
• Updated localizations.
• Bug fixes, security fixes and library updates.

The ArcMC v3.0 release is focused on the following areas:

• ArcMC now supports both a non-Containerized, traditional install and a new Containerized installation
  • Non-containerized, traditional ArcMC is supported and is recommended for pre-existing legacy deployments (e.g. ArcMC 2.9x).
    • Upgrade to non-containerized v3.0.0 is supported from prior releases
• New Containerized Deployment – Fusion ArcMC
  • ArcMC can now be deployed into the containerized ArcSight Suite as a component of the Fusion capability.  This is the recommended model for Recon and Intelligence, supporting new deployments only, not upgrades from prior ArcMC releases.
  • Containerized applications support built-in upgrades
  • Cloud-native deployment into AWS and Azure
  • While more than one cluster node can have the ‘Fusion’ Label, only a single Fusion ArcMC instance will run at any given time.  Kubernetes cluster management will automatically restart failed pods.
  • Fusion ArcMC UI is launched from Fusion UI.  Login is into Fusion UI, supporting Single Sign-On to ArcMC UI
  • Consolidated Group/User/Role management within Fusion
• Logical Connector Grouping
  • SmartConnectors configured with a connector group name will have the group name shown in ArcMC license reports. Grouping enables customers who have multiple connectors servicing a log source to view connector licensing metrics for the group.
• Platform Currency
  • Platform component version updates have been certified on RHEL 8.2 and 7.9, and CentOS 8.2 and 7.9, with current releases of Azul Zulu Java runtime and Tomcat 9.x.

The Transformation Hub v3.5 release is focused on the following areas:
New Event Enrichment Stream Processor

• Enables a task-based event enrichment streaming process.  This release supports Global Event ID enrichment and bootstraps a new Kafka Topic containing enriched events - mf - event-avro-enriched

Kafka Manager now requires permissions to launch

• The Fusion permission Manage Kafka is required for a user to access Kafka Manager. The user must manually enter the Kafka Manager URL into the browser https://<cdf_masternode_hostname or virtual ip hostname>/th/cmak and have the proper permissions to launch the Kafka Manager

Platform Currency

• Updated libraries for RHEL and CentOS, Azul Java, PostgreSQL, Apache Kafka Client, and the Confluent Platform

Refer to the Release Notes for specifics on these highlights, other new or modified features and defects addressed.

The Smart Connector v8.2.0 release is focused on the following areas:

• New SmartConnectors:
  • MS 365 Defender
  • New support for GCP security event sources
  • New Polyverse Zerotect FlexConnector supports zero-day detection
• Windows Native Connector (WiNC) performance and stability improvements.  Now 20% faster than v8.1.
• New online documentation enables searches
• Improve AWS Security Hub event log service coverage
• New support for Microsoft Azure Powershell
• New support for Micro Focus SaaS initiatives
• Enable crowd sourcing for Connector & Parsers on MF managed GitHub
• Connector currency updates – Over 60 new device, component, and OS version support
• Support for Micro Focus SaaS initiatives
• Support latest ArcSight releases (Logger, THub, Recon, Appliances, ESM, …)
• RHEL/CentOS 7.9 and 8.x, vulnerability, Postgres, Tomcat, JVM, cipher & library updates

Refer to the Release Notes for specifics on these highlights, other new or modified features and defects addressed.

The Latest 3 versions of Smart Connector Framework v8.0.0, v8.1.0 and v8.2.0 can be found On the Software Entitlement portal: https://entitlement.microfocus.com/mysoftware/iam/home

Enterprise Security Manager (ESM) v7.5:

• Integration with Full Armor, a leader in enterprise policy management, enables SOCs to use Active Directory users and groups to manage their ArcSight ESM user/group membership
• Currency updates to Java and OS
• FIPS mode enabled by default on fresh installations
• Performance improvements to cloud-hosted deployments and more
• Stability improvements and security enhancements

See the release notes of each product for more information.

This release is part of the larger ArcSight 2021.1 release. You can read more about the details of this release, and how it will enable your SOC, in our “ArcSight’s Latest and Greatest” flyer available here: https://www.microfocus.com/media/article/arcsights-latest-and-greatest-article.pdf 

A video summary of the release is also available on our ArcSight Unplugged channel: https://www.youtube.com/channel/UCWfeits4KBY-pyqvwM8szWw

For more information, please check the Release Notes for this version (available from MySupport).    

If you have an active support subscription for these products, please plan for downloading this version from the Software Licenses and Downloads Portal. To access these products in the Software Licenses and Downloads Portal, you will need to sign in with your Micro Focus credentials.

Our goal is to provide you with clear visibility into the support time-line of software products, enabling you to use this information to plan, test, and deploy new product versions. For more information, check our MySupport Software Product Lifecycle pages.

Please note that all Security ArcSight Data Platform customers with active support subscriptions are eligible to update to Security ArcSight Data Platform version 2.7.