This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ArcSight SmartConnector Build 7.6.0.8009 is now available

We are pleased to announce that ArcSight SmartConnector Build 7.6.0.8009 is now available for download from the HPE support web site at https://softwaresupport.hpe.com/.

 Overview

 HP ArcSight is a leading global provider of security and compliance management solutions. ArcSight SmartConnectors provide advanced event and log data collection and processing capabilities to help enterprises and government agencies gain comprehensive visibility and critical insights into their IT infrastructure across all users, networks, datacenters, and applications. SmartConnectors are updated frequently to add support for new devices and event sources as well as new device versions.

 Highlights 

  • FIPS: Support added for Microsoft Windows Event Log – Native SmartConnector
  • Amazon Web Services CloudTrail: Added support for ‘us-east-2’ region; Key Management Service (KMS) events and EC2 role-based access
  • Filtering before event Collection: Ability to filter out events before they are counted for licensing by connector.
  • IP Flow Information Export (IPFIX)/IP Flow (NetFlow/J-Flow): A new mechanism is developed for this specific connector to accurately calculate the original byte size for license
  • SNMP Unified:  IP Address of the listening device can now be configured.
  • Syslog NG Daemon Certificates:  Syslog-ng.cert can be replaced with CA or self-signed certificates
  • TCP CEF Syslog Destinations: A parameter has been added to disconnect/reconnect, useful for distributing events evenly when a load balancer is used in a multi-tiered connector installation.

Integration

  • Parser update releases 7.5.1.7996 and 7.5.2.8001 have been integrated into this framework release. These releases contain version updates, fixed issues, and enhancements for SmartConnectors listed below           

Release 7.5.1

  • Cisco ASA Syslog 
  • Cisco IOS Syslog (v15.6)
  • Cisco IronPort Web Security Appliance File (AsyncOS v10 - Apache and Squid formats) 
  •  Cisco ISE Syslog
  • Cisco Wireless LAN Controller Syslog 
  • F5 BIG-IP Syslog (F5 TMOS v12.0, v12.1)
  • Juniper JUNOS Syslog 
  • Microsoft DNS Trace Log Multiple Server File   
  • Microsoft Exchange Message Tracking Log Multiple Server File (Microsoft Exchange Server 2016)     
  • Microsoft Windows Event Log – Native   
  • Proofpoint Enterprise Protection and Enterprise Privacy Syslog (v8.4)   
  • Symantec Endpoint Protection DB (v14: Server Admin Log, Behavior, and Virus categories)   

Release 7.5.2

  • Cisco NX OS Syslog 
  • Cisco Secure ACS Syslog 
  • Juniper JUNOS Syslog 
  • Infoblox NIOS Syslog (v7.2, v7.6)    
  • Microsoft Office 365    
  • Oracle Audit Syslog    
  • Symantec Endpoint Protection DB (v14: System Events) 

 New Device, Component, or OS Version Support

SmartConnector for  New Device, Component, or OS Version  

  • McAfee ePolicy Orchestrator DB  McAfee Endpoint Security (ENS) 10.5 with ePO 5.3  
  • Symantec Endpoint Protection DB 14.0 (Network Threat Protection, Anti-Virus and Anti-Spyware Protection, Scan, Notification Alert, and Server Policy Events)

  New Connector Support 

SmartConnector for New Device, Component, or OS Version

  • Apache HTTP Server Access Multiple File: Replaces the Apache HTTP Server Access File connector, providing the ability to specify multiple files for event collection. Apache HTTP Server versions 1.3 and 2.4 are supported.
  • Cisco IronPort Web Security Syslog:  Provides ability to monitor Web Security appliance events through syslog. Web Security AsyncOS version 9.0 is supported.  
  • IBM Security Access Manager Syslog:  Replaces the IBM Tivoli Access Manager connectors to monitor protected information and resources as well as authentication, authorization, data security, and resource management capabilities. ISAM versions 8.0 and 9.0 for audit and system logs are supported.
  • McAfee Web Gateway Syslog Provides ability to monitor Web Gateway events through syslog for protection against web-born threats. Web Gateway version 7.6 for Access Log is supported. Sun ONE Web Access Multiple Server File   Replaces the Sun ONE Web Access File connector, providing the ability to specify multiple files for event collection. Sun ONE Web Access Server Version 6.0 SP8 is supported.

 There are many more issues fixed and enhancement delivered with this release.  Please read the SmartConnector Release Notes 7.6.0.8009 additional information.

 You can find documentation and release notes on Protect 724  here.

 If you have any questions, please contact Customer Support at: https://softwaresupport.hpe.com/

 Thank you,

 The HPE Security ArcSight SmartConnector Product Team