ArcSight content subscription is a paid support option that entitles the customer to receive periodical update to ArcSight content and context information. Starting with the connector build 7.2.3 a change in the framework of connector/content framework was introduced. Builds 7.2.2 and earlier cannot operate with the new framework
Content update
As vendors release new events (for example, new IDS signatures, or new event IDs), ArcSight provides categorization for each of these event codes. For example, Microsoft Windows has event ID “529” which represents a logon failure; HP ArcSight maps additional categorization for that event, including:
/Operating System (Category Device Group)
/Authentication/Verify (Category Behavior)
/Failure (Category Outcome)
ArcSight bi-weekly content update includes categorization for new IDS signatures and events.Content subscription update is available for download for customers on MicroFocus Support Portal
The following data sources have new signatures and categorizations in Content update AUP 8028:
Aruba Networks ClearPass 6.5.4
Cisco Secure IDS S992
Juniper IDP Content Version 2981
McAfee Network Security Manager 9.8.5.2
Snort 2.8
Sourcefire SEU 2983
Symantec Network Security 7100 Security Update 209
TippingPoint SMS IPS DV8988