Idea ID: 2705646

ArcSight Smart Connector docker container

Status: Waiting for Votes


ArcSight Smart Connector docker container suitable for environments that are not supported.


  • Hi,

    I'd say that the goal would be to have an officially supported Docker container image provided by MF that contains the ArcSight agents - for every single type.

    There are lots of vendors that are already doing this, take a look at Docker Hub:

    In tech terms, this is possible - at the last Protect17 we had a session: "Containers are everywhere, even on ArcSight SmartConnectors" that gave us the idea. I have personally tested it and it works.

    The thing would be to have it for all the agent types - currently I've only done it for a couple of types with certain destinations already configured. Since this requires automation, the only solution that comes to my mind is a silent install config file as part of the Docker manifest.

    Once the images are created, we'd just have to pull them from the container registry and deploy wherever we want to, i.e. bare server, VMs, K8s clusters ... and no longer install and maintain the traditional services on our VMs.

    Those images can even be part of a CI/CD pipeline, which would enable version history, tracking and automation for deployment .. this is out of scope - just thinking out loud about the possibilities - which are not just portability and agility.

    Hope that this clarifies the idea behind it.


