Below are highlighted important Connector Appliance information.
Remote Management AUP Importing
When importing a remote management AUP for remotely managed hosts onto an appliance, you may see an error message that states “Wrong appliance model in remote management AUP file”. If this occurs, upgrade the appliance to version 6.2.
Port Change for HTTP Requests
Connector Appliance now redirects HTTP requests for port 80 to port 443 so that you can access the Connector Appliance login page by typing just the appliance hostname or IP address into the browser address field. If you are using port 80 on your SmartConnectors, reconfigure the connectors to use a different port before you upgrade Connector Appliance.
Upgrading to the Latest SmartConnector Version
To upgrade the connectors you manage on the Connector Appliance to the latest SmartConnector version, you need to apply the latest build to the container that contains those connectors. For information about upgrading a container to a specific connector version, refer to the ArcSight Connector Appliance Administrator’s Guide
Supported SmartConnectors
The list of SmartConnectors available in the Connector Type pull-down includes all supported SmartConnectors. Some SmartConnectors are not currently supported for use on the Connector Appliance, but can be managed remotely.
For the current list of SmartConnectors supported for installation on Connector Appliance, including those that require additional setup, refer to the article Supported Products for Connector Appliance from the ArcSight Knowledge Base.
Syslog and SNMP SmartConnectors
You can install all syslog and SNMP SmartConnectors on the Connector Appliance.
Note: To prevent performance degradation, ArcSight strongly recommends that you do not have more than one syslog connector in a container.For more information, refer to the article Running Multiple Syslog SmartConnectors in a Single Containerin the ArcSight Knowledge Base.
Database Type SmartConnectors
You can run database SmartConnectors that connect to Windows-based databases (such as Microsoft SQL Audit DB) on Linux or other platforms using JDBC drivers. The ArcSight Connector Appliance Administrator’s Guide describes how to obtain and install the required JDBC drivers, and how to use the user-defined JDBC Repository feature to install the drivers on the local Connector Appliance.
File Type SmartConnectorsNote: Database SmartConnectors that use Microsoft SQL Server 2005 JDBC Driver 1.2 do not run in FIPS mode. For the database connectors to run in FIPS mode, you need to install Microsoft SQL Server 2005 JDBC Driver 1.1.
Any event sources, including scanners running in automatic mode and Windows-based sources, can write to files on a Remote File System (also known as NFS and CIFS Storage) that the Connector Appliance can mount and access.
Note: Appliance-based, file-type SmartConnectors require NFS or CIFS storage mounts, as appropriate.
Configure an NFS mount (Setup > System Admin > Storage > Remote File System > NFS) or a CIFS mount (Setup > System Admin > Storage> Remote File System > CIFS) before configuring the SmartConnector. For more information, see the ArcSight Connector Appliance Administrator’s Guide.
API Type SmartConnectors
On the Connector Appliance, you cannot use Microsoft and other API-type SmartConnectors that need to be located on the host they are monitoring. CheckPoint OPSEC SmartConnectors are supported in sslca mode using the pull cert command described in the ArcSight Connector Appliance Administrator’s Guide. The following API-type SmartConnectors work with the Connector Appliance, but with the limitations listed below:
API SmartConnector | Limitation |
Check Point FW-1/VPN-1 OPSEC | Only clear and sslca modes are supported. sslopsec mode is not supported. |
Check Point FW-1/VPN-1 OPSEC (Legacy) | Only clear and sslca modes are supported. sslopsec mode is not supported. |
Sourcefire Defense Center eStreamer | Not supported in FIPS mode. Windows Unified Not supported in FIPS mode. |
No comments:
Post a Comment