ArcSight content subscription is a paid support option that entitles the customer to receive periodical update to ArcSight content and context information. Starting with the connector build 7.2.3 a change in the framework of connector/content framework was introduced. Builds 7.2.2 and earlier cannot operate with the new framework
Content update
As vendors release new events (for example, new IDS signatures, or new event IDs), ArcSight provides categorization for each of these event codes. For example, Microsoft Windows has event ID “529” which represents a logon failure; HP ArcSight maps additional categorization for that event, including:
/Operating System (Category Device Group)
/Authentication/Verify (Category Behavior)
/Failure (Category Outcome)
ArcSight bi-weekly content update includes categorization for new IDS signatures and events.Content subscription update is available for download for customers on HP Support Portal
The following data sources have new signatures and categorizations in Content update AUP 8022:
Cisco Secure IDS S987
Enterasys Dragon 7.3-20170628
Juniper IDP Content Version 2928
McAfee Network Security Manager 8.7.104.3
Snort 2.8
Sourcefire SEU 2983
Symantec Network Security 7100 Security Update 171
TippingPoint SMS IPS DV8968