Release Notes
ArcSight ESM
Version 6.5c Patch 1
March 10, 2014
Copyright © 2014 Hewlett-Packard Development Company, L.P.
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent
with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and
Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard
commercial license.
The information contained herein is subject to change without notice. The only warranties for HP products
and services are set forth in the express warranty statements accompanying such products and services.
Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for
technical or editorial errors or omissions contained herein.
Follow this link to see a complete statement of copyrights and acknowledgements:
http://www.hpenterprisesecurity.com/copyright
Contact Information
Phone: A list of phone numbers is available on the HP ArcSight Technical Support page: http://www8.hp.com/us/en/software-solutions/software.html?compURI=1345981#.URitMaVwpWI.
Support Web Site: http://support.openview.hp.com
Protect 724 Community: https://protect724.arcsight.com
Revision History
Date: 3/10/2014
Product Version: ArcSight ESM Version 6.5c Patch 1
Description: Release Notes for ArcSight ESM Version 6.5c Patch 1
Confidential Release Notes ArcSight ESM 6.5c Patch 1 3
Contents
ArcSight ESM Version 6.5c Patch 1
  ESM 6.5c Patch 1
  Purpose of this Patch
  Usage Notes for this Patch
  Section 508 Compliance
  Geographical Information Update
  Vulnerability Updates
  Installing ESM Version 6.5c Patch 1
    ArcSight ESM Main Component Suite
    ArcSight Console
  Issues Fixed in this Patch
    CORR_Engine
    Analytics
  Open Issues in this Patch
  Open and Closed Issues in ESM 6.5c
ArcSight ESM Version 6.5c Patch 1
ESM 6.5c Patch 1
These release notes describe how to apply this patch release of ArcSight ESM. Instructions
are included for each component, as well as other information about recent changes and
open and closed issues.
This patch is for ArcSight ESM 6.5c only. To set up a new ESM 6.5c installation, refer to the
ArcSight ESM Installation and Configuration Guide.
The build number for the ESM suite for this patch is 1736.
The build number for the ArcSight Console for this patch is 1837.1.
After you have installed 6.5c, follow the instructions in “Installing ESM Version 6.5c Patch
1” on page 6 of these release notes to apply Patch 1.
Purpose of this Patch
This patch:
• Addresses critical issues in ESM 6.5c.
• Provides updates for geographical information and vulnerability mapping.
Usage Notes for this Patch
Refer to ArcSight ESM Release Notes Version 6.5c. The usage notes for that release also
apply to this patch.
Section 508 Compliance
ArcSight recognizes the importance of accessibility as a product initiative. To that end,
ArcSight continues to make advances in the area of accessibility in its product lines.
Geographical Information Update
This version of ESM includes an update to the geographical information used in graphic
displays. The version is GeoIP-532_20140201.
Vulnerability Updates
This release includes recent vulnerability mappings from the February 2014 Context
Update.
Device                                          Vulnerability Updates
Snort / Sourcefire SEU-1052 updated             Faultline, Bugtraq, CVE, X-Force, Nessus, CERT, MSSB
Enterasys Dragon IDS updated                    Faultline, CVE, Nessus, MSSB
Cisco Secure IDS S771 updated                   Faultline, Bugtraq, CVE, Nessus
Juniper / Netscreen IDP update 2344 updated     Faultline, Bugtraq, CVE, X-Force, Nessus, MSSB, CERT
TippingPoint UnityOne DV8524 updated            Faultline, Bugtraq, CVE, Nessus, MSSB
ISS SiteProtector updated                       Bugtraq, CVE, X-Force, CERT
Symantec Endpoint Protection updated            Bugtraq, CVE
McAfee HIPS 7.0 updated                         CVE
Radware DefensePro updated                      CVE
Installing ESM Version 6.5c Patch 1
You can install this patch release using the platform-specific component executable files
provided. Patch installers are available for all supported platforms. Each component has
install and uninstall steps. Please keep the following points in mind when installing Patch 1:
• For all components and platforms: Make sure that you have enough
space available before you install the patch. The installer checks for 1 GB
of space and generates an error if it is not available. If you run into disk
space issues during installation, create enough space, restore the
component base build from the backup, then resume patch installation.
• Backup, patch install, and uninstall procedures require permissions for the
relevant components. To install a patch, make sure that the user who
owns the base build installation folder has full privileges on the PATH
where the base build is installed.
• To uninstall the software you must be at the same user level as the
original installer.
• It is a good practice to create a backup of the existing product before
installation begins. Do not simply rename files and leave them in the
same directory. Java reads all the files present, regardless of renaming,
and can pick up old code inadvertently, causing undesirable results.
• For backup, patch install, and uninstall, we recommend that you log in to
the target machine with a specific account name via telnet or SSH. If you
switch accounts after logging in, then specify the flag "-" for the su
command (su - <UserName>).
ArcSight ESM Main Component Suite
This section describes how to install or uninstall the ESM 6.5c Patch 1 for all the main
components except the ArcSight Console. These components include the Manager, ArcSight
Web, and the CORR-Engine.
• Before you install the patch, verify that <ARCSIGHT_HOME> and any of its
subdirectories are not being accessed by open shells on your system.
• If for any reason you need to re-install the patch, run the patch
uninstaller before installing the patch again.
ArcSight recommends that you do not simply rename files and leave them
in the same directory. Java reads all the files present, regardless of
renaming, and can pick up old code inadvertently, causing undesirable
results.
To Install the Patch
1 Stop the ArcSight services as user arcsight.
/sbin/service arcsight_services stop all
2 Back up the ArcSight directory, /opt/arcsight, by making a copy. Place the copy in
a readily accessible location. This is just a precautionary measure so you can restore
the original state, if necessary.
3 Download the patch from the HP Software Support Online site
(http://support.openview.hp.com).
ArcSightESMSuitePatch-XXXX.tar
...where XXXX represents the suite build number.
4 Extract the tar file and run the patch installer as user arcsight:
./ArcSightESMSuitePatch.bin
To install in Console mode, run the following command from the shell prompt and then
follow the instructions in the window:
./ArcSightESMSuitePatch.bin -i console
5 Read through the license agreement and accept it at the end. In GUI mode, the
acceptance radio button is disabled until you scroll to the bottom of the agreement. In
the console mode, press Enter until you have paged through to the end of the license
agreement.
6 Select a location for the uninstaller link, if you want to have a shortcut to the
uninstaller in some other location. You must have write permission to the specified
folder.
7 Check the pre-installation summary to verify that all the locations listed are correct and
that you have enough disk space to install this patch.
8 Click Install.
9 Click Next on the File Delivery Complete screen to install the CORR-Engine, Manager,
and ArcSight Web components.
10 Click Done on the Install Complete screen.
11 Restart the ArcSight services as user arcsight:
/sbin/service arcsight_services start all
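The checks named in the notes for this procedure (1 GB of free space, permissions on the installation folder, a backup copy kept outside the installation directory, no open shells inside <ARCSIGHT_HOME>) can be scripted and run before the installer is started. The following is an added example, not part of HP's release notes or installer; the function names and the backup destination in the usage line are assumptions, and the open-shell check relies on Linux /proc.

```shell
#!/bin/sh
# Added example: pre-install checks for the ESM suite patch. Not HP's installer logic.
# From the release notes: the 1 GB free-space threshold and the /opt/arcsight path.
# Assumptions: every function name and the backup destination in the usage line.
# Usage (hypothetical backup path): sh preflight.sh /opt/arcsight /backup/arcsight-6.5c

MIN_FREE_KB=${MIN_FREE_KB:-1048576}   # 1 GB expressed in KB

# Print the free space, in KB, on the filesystem that holds directory $1.
free_kb() { df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4 }'; }

# Succeed if the filesystem holding $1 has at least $2 KB free (default: 1 GB).
has_free_space() { [ "$(free_kb "$1")" -ge "${2:-$MIN_FREE_KB}" ] 2>/dev/null; }

# Print the physical absolute path of $1. If $1 does not exist yet (a backup
# destination that is about to be created), resolve its parent directory.
abs_path() (
    if [ -d "$1" ]; then
        cd "$1" >/dev/null 2>&1 && pwd -P
    else
        cd "$(dirname "$1")" >/dev/null 2>&1 && p=$(pwd -P) &&
            printf '%s/%s\n' "${p%/}" "$(basename "$1")"
    fi
)

# Succeed only if backup destination $2 is neither $1 itself nor anywhere below it.
# A copy or renamed folder left inside the installation directory is exactly what
# the notes warn about: Java can still pick up the old files.
backup_is_outside() (
    home=$(abs_path "$1") || exit 2
    dest=$(abs_path "$2") || exit 2
    case "$dest/" in
        "$home"/*) exit 1 ;;
    esac
    exit 0
)

# Print the PID of every process whose working directory is $1 or below it.
# Processes owned by other users are only visible when run as root.
procs_inside() (
    home=$(abs_path "$1") || exit 2
    for p in /proc/[0-9]*; do
        cwd=$(readlink "$p/cwd" 2>/dev/null) || continue
        case "$cwd/" in
            "$home"/*) printf '%s\n' "${p#/proc/}" ;;
        esac
    done
)

# Run all checks for installation directory $1 and backup destination $2.
# Prints one line per failed check and returns the number of failed checks.
preflight() {
    pf_fails=0
    if ! { [ -r "$1" ] && [ -w "$1" ] && [ -x "$1" ]; }; then
        echo "FAIL: $(id -un) lacks read/write/execute permission on $1"
        pf_fails=$((pf_fails + 1))
    fi
    if ! has_free_space "$1"; then
        echo "FAIL: less than ${MIN_FREE_KB} KB free on the filesystem holding $1"
        pf_fails=$((pf_fails + 1))
    fi
    if ! backup_is_outside "$1" "$2"; then
        echo "FAIL: backup destination $2 is inside $1; place the copy elsewhere"
        pf_fails=$((pf_fails + 1))
    fi
    pf_busy=$(procs_inside "$1") || pf_busy=""
    if [ -n "$pf_busy" ]; then
        echo "FAIL: processes with a working directory under $1:" $pf_busy
        pf_fails=$((pf_fails + 1))
    fi
    return "$pf_fails"
}

# Run the checks only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2" || exit 1
    echo "OK: pre-install checks passed for $1"
fi
```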
To Uninstall the Patch
If needed, use the procedure below to roll back this patch installation and restore the
system to the pre-patched state.
Before you begin to uninstall, verify that the Manager’s <ARCSIGHT_HOME>
and any of its subdirectories are not being accessed by any open shells on
your system.
1 Stop the ArcSight services as user arcsight.
/sbin/service arcsight_services stop all
2 Run the uninstaller program from either the directory where you created the link while
installing the product or, if you had opted not to create a link, then run this from the
/opt/arcsight/suitepatch/UninstallerData_6.5.0.1 directory:
./Uninstall_ArcSight_ESM_Suite_Patch
Alternatively, you can run the following command from the /home/arcsight (or
wherever you installed the shortcut link) directory:
./Uninstall_ArcSight_ESM_Suite_Patch_6.5.0.1
Or, to uninstall using Console mode, run:
./Uninstall_ArcSight_ESM_Suite_Patch_6.5.0.1 -i console
Run the uninstaller in the same mode in which you ran the installer (GUI or Console
mode).
3 Click Done on the Uninstall Complete screen.
4 Restart services by running the following command as user root or as user arcsight:
/sbin/service arcsight_services start all
ArcSight Console
This section describes how to install or uninstall the ESM 6.5c Patch 1 for ArcSight Console
on Windows, Mac, and Linux platforms.
The ArcSight ESM Console is not supported on AIX or Solaris. The following
steps do not include information for installing a Console patch on those
platforms.
• Before you install the patch, verify that the Console’s <ARCSIGHT_HOME>
directory and any of its subdirectories are not being accessed by any open
shells on your system.
• If you need to re-install the patch, run the patch uninstaller before
installing the patch again.
HP recommends that you do not simply rename files and leave them in
the same directory. Java reads all the files present, regardless of
renaming, and can pick up old code inadvertently, causing undesirable
results.
To Install the Patch
1 Exit the ArcSight Console.
2 Back up the Console directory (for example, /home/arcsight/console/current)
by making a copy. Place the copy in a readily accessible location. This is a
precautionary measure so you can restore the original state, if necessary.
Download the executable file specific to your platform from the HP Software Support
Online site (http://support.openview.hp.com). YYYY.Y represents the Console build
number.
• Patch-6.5.0.YYYY.Y-Console-Win.exe
• Patch-6.5.0.YYYY.Y-Console-Linux.bin
• Patch-6.5.0.YYYY.Y-Console-MacOSX.zip
For the Mac, see To Install the Patch on a Mac, below.
3 Run one of the following executables specific to your platform:
• On Windows:
Double-click Patch-6.5.0.YYYY.Y-Console-Win.exe
• On Linux:
Verify that you are logged in as user arcsight, and then run the following
command:
./Patch-6.5.0.YYYY.Y-Console-Linux.bin
To install in Console mode, run the following command from the shell prompt and
then follow the instructions in the window:
./Patch-6.5.0.YYYY.Y-Console-Linux.bin -i console
The installer launches the Introduction window.
4 Read the instructions provided and click Next.
5 Accept the terms of the license agreement and click Next. The acceptance radio
button is disabled until you scroll to the bottom of the agreement.
6 Enter the location of your existing <ARCSIGHT_HOME> directory for your Console
installation in the text box provided or navigate to the location by clicking Choose…
If you want to restore the installer-provided default location, click Restore Default
Folder.
7 Click Next.
8 Choose a Link Location (on Linux) or Shortcut location (on Windows) by clicking the
appropriate radio button and click Next.
9 Check the pre-installation summary to verify that all the locations listed are correct and
that you have enough disk space to install this patch.
10 Click Install.
11 Click Done on the Install Complete screen.
To Install the Patch on a Mac
The patch installer download and run procedure is slightly different on the Mac than on the
other supported platforms.
1 Exit the ArcSight Console.
2 Back up the Console directory (for example, /home/arcsight/console/current)
by making a copy. Place the copy in a readily accessible location. This is just a
precautionary measure so you can restore the original state, if necessary.
3 Download the file Patch-6.5.0.YYYY.Y-Console-MacOSX.zip to anywhere on
your system.
The patch installer file shows as a ZIP file on the download site, but
downloads as ArcSightConsolePatch.app on the Mac. A single or
double-click on this APP file launches the patch installer, depending on
how you have set these options. There is no need to “extract” or “unzip”
the file; it downloads as an APP file.
4 Launch the patch installer by double-clicking the ArcSightConsolePatch file.
5 Follow the steps on the patch install wizard, providing the information as prompted:
• Accept the terms of the license agreement and click Next. The acceptance radio
button is disabled until you scroll to the bottom of the agreement.
• Choose the location where you want to install the patch. Browse to
<ARCSIGHT_HOME>, where your previous Console was installed.
• Choose an alias location for the Console application (or opt to not use aliases).
This is the same as a link location on UNIX systems or shortcut location on
Windows systems.
6 Click Next.
7 Verify your settings and click Install.
To Uninstall the Patch
If needed, use the procedure below to roll back this patch installation.
Before you begin to uninstall, verify that the Console’s <ARCSIGHT_HOME> and
any of its subdirectories are not being accessed by any open shells on your
system.
1 Exit the ArcSight Console.
2 Run the uninstaller program:
On Windows:
• Double-click the icon you created for the uninstaller when installing the Console.
For example, if you created an uninstaller icon on your desktop, double-click that
icon.
• If you created a link in the Start menu, click:
Start > All Programs > ArcSight ESM Console 6.5c Patch 1 > Uninstall ArcSight ESM Console 6.5c Patch 1
• Or, run the following from the Console’s
<ARCSIGHT_HOME>\current\UninstallerData_6.5.0.1 directory:
Uninstall_ArcSight_ESM_Console_Patch
On Linux:
• From the directory where you created the link when installing the Console (your
home directory or some other location), run:
./Uninstall_ArcSight_ESM_Console_6.5.0.1
• Or, to uninstall using Console mode, run:
./Uninstall_ArcSight_ESM_Console_6.5.0.1 -i console
• If you did not create a link, execute the command from the Console’s
<ARCSIGHT_HOME>/current/UninstallerData_6.5.0.1 directory:
./Uninstall_ArcSight_ESM_Console_Patch
On a Mac:
• From the directory where you created the link when installing the Console, run:
Uninstall_ArcSight_Console_6.5.0.1
• From the Console’s
<ARCSIGHT_HOME>/current/UninstallerData_6.5.0.1 directory, run:
Uninstall_ArcSight_ESM_Console_Patch
3 Click Done on the Uninstall Complete screen.
Issues Fixed in this Patch
The following issues are fixed in this patch.
CORR_Engine
Issue       Description
NGS-8252    Under certain loads, an unstable condition could on occasion arise that leads to a
            Signal 11 occurrence. This patch release provides a significant improvement to
            reduce the likelihood of a signal 11 condition.
Analytics
Issue       Description
NGS-8251    Under some circumstances, events had incorrect severity values.
            This is now fixed.
Open Issues in this Patch
This release contains no new open issues.
Open and Closed Issues in ESM 6.5c
For information about open and closed issues for ESM 6.5c, see the release notes for that
version.

More Related Content

PDF
Esm rel notes_6.0cp1
PDF
ESM 6.9.1c Patch1 Release Notes
PDF
ESM 5.5 Patch 1 Release Notes
PDF
ArcSight Express 4.0 Patch 1 release notes
PDF
ESM 6.8c Patch 2 Release Notes
PDF
Installation Guide for ESM 6.8c
PDF
Esm rel notes_6.0cp3
PDF
SafePeak Installation guide
Esm rel notes_6.0cp1
ESM 6.9.1c Patch1 Release Notes
ESM 5.5 Patch 1 Release Notes
ArcSight Express 4.0 Patch 1 release notes
ESM 6.8c Patch 2 Release Notes
Installation Guide for ESM 6.8c
Esm rel notes_6.0cp3
SafePeak Installation guide

Similar to ESM 6.5 Patch 1 Release Notes (20)

PDF
Esm rel notes_6.0cp2
PDF
ESM 6.9.1c Patch 3 Release Notes
PDF
Esm rel notes_6.8cp4
PDF
ESM 6.9.1c Patch 2 Release Notes
PDF
ArcMC 2.5.1 Release Notes
PDF
Esm 6.0c appliance_config_guide_e7400
PDF
ESM 5.2 Patch 2 Release Notes
PDF
HPE ArcSight RepSM Plus Model Import Connector Config Guide
PDF
HPE ArcSight RepSM Plus 1.6 Release Notes
PDF
ESM for Azure 6.9.1 Setup Guide
PDF
ArcSight Management Center 2.5 Release Notes
PDF
Aid rel notes_5.6
PDF
Aid rel notes_5.6 (1)
PDF
RepSM Model Import Connector v5.2.7.6581.0 Configuration Guide for ArcSight E...
PDF
Ae appliance upgrade_cent_os62-65
PDF
ESM_UpgradingTo5.6.pdf
PDF
ESM Installation Guide (ESM v6.9.1c)
PDF
Safe peak installation guide version 2.1
PDF
ESM Upgrade Guide (ESM v6.9.1c)
PDF
Reputation Security Monitor (RepSM) v1.01 Release Notes for ArcSight Express ...
Esm rel notes_6.0cp2
ESM 6.9.1c Patch 3 Release Notes
Esm rel notes_6.8cp4
ESM 6.9.1c Patch 2 Release Notes
ArcMC 2.5.1 Release Notes
Esm 6.0c appliance_config_guide_e7400
ESM 5.2 Patch 2 Release Notes
HPE ArcSight RepSM Plus Model Import Connector Config Guide
HPE ArcSight RepSM Plus 1.6 Release Notes
ESM for Azure 6.9.1 Setup Guide
ArcSight Management Center 2.5 Release Notes
Aid rel notes_5.6
Aid rel notes_5.6 (1)
RepSM Model Import Connector v5.2.7.6581.0 Configuration Guide for ArcSight E...
Ae appliance upgrade_cent_os62-65
ESM_UpgradingTo5.6.pdf
ESM Installation Guide (ESM v6.9.1c)
Safe peak installation guide version 2.1
ESM Upgrade Guide (ESM v6.9.1c)
Reputation Security Monitor (RepSM) v1.01 Release Notes for ArcSight Express ...
Ad

More from Protect724migration (20)

PDF
Upgrade Guide for ESM 6.8c
PDF
Arcsight ESM Support Matrix
PDF
HPE ArcSight ESM Support Matrix
PDF
ESM 101 for ArcSight Express v4.0
PDF
ArcSight Web User's Guide for ESM 6.5c
PDF
Administrator's Guide for ESM 6.5c
PDF
Administrator's Guide for ArcSight Express v4.0
PDF
ESM 101 for ESM 6.8c
PDF
ESM 101 for ESM 6.5c
PDF
Arcsight ESM Support Matrix
PDF
Workflow Standard Content Guide for ESM 6.8c
PDF
Upgrade Guide for ESM 6.5c
PDF
Forwarding Connector Release Notes for version 6.0.4.6830.0
PDF
Network Monitoring Standard Content Guide for ESM 6.8c
PDF
Netflow Monitoring Standard Content Guide for ESM 6.8c
PDF
Forwarding Connector User's Guide for version 6.0.4.6830.0
PDF
IPv6 Standard Content Guide for ESM 6.8c
PDF
ArcSight Core Security, ArcSight Administration, and ArcSight System Standard...
PDF
Intrusion Monitoring Standard Content Guide for ESM 6.8c
PDF
Cisco Monitoring Standard Content Guide for ESM 6.5c
Upgrade Guide for ESM 6.8c
Arcsight ESM Support Matrix
HPE ArcSight ESM Support Matrix
ESM 101 for ArcSight Express v4.0
ArcSight Web User's Guide for ESM 6.5c
Administrator's Guide for ESM 6.5c
Administrator's Guide for ArcSight Express v4.0
ESM 101 for ESM 6.8c
ESM 101 for ESM 6.5c
Arcsight ESM Support Matrix
Workflow Standard Content Guide for ESM 6.8c
Upgrade Guide for ESM 6.5c
Forwarding Connector Release Notes for version 6.0.4.6830.0
Network Monitoring Standard Content Guide for ESM 6.8c
Netflow Monitoring Standard Content Guide for ESM 6.8c
Forwarding Connector User's Guide for version 6.0.4.6830.0
IPv6 Standard Content Guide for ESM 6.8c
ArcSight Core Security, ArcSight Administration, and ArcSight System Standard...
Intrusion Monitoring Standard Content Guide for ESM 6.8c
Cisco Monitoring Standard Content Guide for ESM 6.5c
Ad

Recently uploaded (20)

PDF
medical staffing services at VALiNTRY
PDF
Design an Analysis of Algorithms I-SECS-1021-03
PDF
System and Network Administration Chapter 2
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
PDF
Design an Analysis of Algorithms II-SECS-1021-03
PPTX
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
PPTX
Operating system designcfffgfgggggggvggggggggg
PPTX
Essential Infomation Tech presentation.pptx
PDF
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
PDF
Upgrade and Innovation Strategies for SAP ERP Customers
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
PDF
top salesforce developer skills in 2025.pdf
PDF
AI in Product Development-omnex systems
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
PPTX
L1 - Introduction to python Backend.pptx
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
PPTX
Transform Your Business with a Software ERP System
medical staffing services at VALiNTRY
Design an Analysis of Algorithms I-SECS-1021-03
System and Network Administration Chapter 2
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
How to Choose the Right IT Partner for Your Business in Malaysia
Design an Analysis of Algorithms II-SECS-1021-03
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Operating system designcfffgfgggggggvggggggggg
Essential Infomation Tech presentation.pptx
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
VVF-Customer-Presentation2025-Ver1.9.pptx
Wondershare Filmora 15 Crack With Activation Key [2025
Upgrade and Innovation Strategies for SAP ERP Customers
Which alternative to Crystal Reports is best for small or large businesses.pdf
top salesforce developer skills in 2025.pdf
AI in Product Development-omnex systems
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
L1 - Introduction to python Backend.pptx
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Transform Your Business with a Software ERP System

ESM 6.5 Patch 1 Release Notes

  • 1. Release Notes ArcSight ESM Version 6.5c Patch 1 March 10, 2014
  • 2. Copyright © 2014 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Follow this link to see a complete statement of copyrights and acknowledgements: http://www.hpenterprisesecurity.com/copyright Contact Information Revision History Phone A list of phone numbers is available on the HP ArcSight Technical Support page: http://www8.hp.com/us/en/software- solutions/software.html?compURI=1345981#.URitMaVwpWI. Support Web Site http://support.openview.hp.com Protect 724 Community https://protect724.arcsight.com Date Product Version Description 3/10/2014 ArcSight ESM Version 6.5c Patch 1 Release Notes for ArcSight ESM Version 6.5c Patch 1
  • 3. Confidential Release Notes ArcSight ESM 6.5c Patch 1 3 Contents ArcSight ESM Version 6.5c Patch 1 ......................................................................................................... 5 ESM 6.5c Patch 1 ............................................................................................................ 5 Purpose of this Patch ....................................................................................................... 5 Usage Notes for this Patch ................................................................................................ 5 Section 508 Compliance ................................................................................................... 5 Geographical Information Update ...................................................................................... 5 Vulnerability Updates ....................................................................................................... 6 Installing ESM Version 6.5c Patch 1 ................................................................................... 6 ArcSight ESM Main Component Suite ........................................................................... 7 ArcSight Console ....................................................................................................... 8 Issues Fixed in this Patch ............................................................................................... 12 CORR_Engine ......................................................................................................... 12 Analytics ................................................................................................................ 12 Open Issues in this Patch ............................................................................................... 12 Open and Closed Issues in ESM 6.5c ................................................................................ 12
  • 4. 4 Release Notes ArcSight ESM 6.5c Patch 1 Confidential Contents
  • 5. Confidential Release Notes ArcSight ESM 6.5c Patch 1 5 ArcSight ESM Version 6.5c Patch 1  ESM 6.5c Patch 1 These release notes describe how to apply this patch release of ArcSight ESM. Instructions are included for each component, as well as other information about recent changes and open and closed issues. This patch is for ArcSight ESM 6.5c only. To set up a new ESM 6.5c installation, refer to the ArcSight ESM Installation and Configuration Guide. The build number for the ESM suite for this patch is 1736 The build number for the ArcSight Console for this patch is 1837.1. After you have installed 6.5c, follow the instructions in “Installing ESM Version 6.5c Patch 1” on page 6 of these release notes to apply Patch 1. Purpose of this Patch This patch:  Addresses critical issues in ESM 6.5c.  Provides updates for geographical information and vulnerability mapping. Usage Notes for this Patch Refer to ArcSight ESM Release Notes Version 6.5c. The usage notes for that release also apply to this patch. Section 508 Compliance ArcSight recognizes the importance of accessibility as a product initiative. To that end, ArcSight continues to make advances in the area of accessibility in its product lines. Geographical Information Update This version of ESM includes an update to the geographical information used in graphic displays. The version is GeoIP-532_20140201.
  • 6. Vulnerability Updates 6 Release Notes ArcSight ESM 6.5c Patch 1 Confidential Vulnerability Updates This release includes recent vulnerability mappings from the February 2014 Context Update. Installing ESM Version 6.5c Patch 1 You can install this patch release using the platform-specific component executable files provided. Patch installers are available for all supported platforms. Please keep the following points in mind when installing Patch 1: Each component has install and uninstall steps. Device Vulnerability Updates Snort / Sourcefire SEU-1052 updated Faultline, Bugtraq, CVE, X-Force, Nessus, CERT, MSSB Enterasys Dragon IDS updated Faultline, CVE, Nessus, MSSB Cisco Secure IDS S771 updated Faultline, Bugtraq, CVE, Nessus Juniper / Netscreen IDP update 2344 updated Faultline, Bugtraq, CVE, X-Force, Nessus, MSSB, CERT TippingPoint UnityOne DV8524 updated Faultline, Bugtraq, CVE, Nessus, MSSB ISS SiteProtector updated Bugtraq, CVE, X-Force, CERT Symantec Endpoint Protection updated Bugtraq, CVE McAfee HIPS 7.0 updated CVE Radware DefensePro updated CVE • For all components and platforms: Make sure that you have enough space available before you install the patch. The installer checks for 1 GB of space and generates an error if it is not available. If you run into disk space issues during installation, create enough space, restore the component base build from the backup, then resume patch installation. • Backup, patch install, and uninstall procedures require permissions for the relevant components. To install a patch, make sure that the user who owns the base build installation folder has full privileges on the PATH where the base build is installed. • To uninstall the software you must be at the same user level as the original installer. • It is a good practice to create a backup of the existing product before installation begins. Do not simply rename files and leave them in the same directory. 
Java reads all the files present, regardless of renaming, and can pick up old code inadvertently, causing undesirable results. • For backup, patch install, and uninstall, we recommend that you log in to the target machine with a specific account name via telnet or SSH. If you switch accounts after logging in, then specify the flag "-" for the su command (su - <UserName>).
ArcSight ESM Main Component Suite

This section describes how to install or uninstall the ESM 6.5c Patch 1 for all the main components except the ArcSight Console. These components include the Manager, ArcSight Web, and the CORR-Engine.

• Before you install the patch, verify that <ARCSIGHT_HOME> and any of its subdirectories are not being accessed by open shells on your system.
• If for any reason you need to re-install the patch, run the patch uninstaller before installing the patch again. ArcSight recommends that you do not simply rename files and leave them in the same directory. Java reads all the files present, regardless of renaming, and can pick up old code inadvertently, causing undesirable results.

To Install the Patch

1 Stop the ArcSight services as user arcsight.
    /sbin/service arcsight_services stop all
2 Back up the ArcSight directory, /opt/arcsight, by making a copy. Place the copy in a readily accessible location. This is just a precautionary measure so you can restore the original state, if necessary.
3 Download the patch from the HP Software Support Online site (http://support.openview.hp.com).
    ArcSightESMSuitePatch-XXXX.tar
  ...where XXXX represents the suite build number.
4 Extract the tar file and run the patch installer as user arcsight:
    ./ArcSightESMSuitePatch.bin
  To install in Console mode, run the following command from the shell prompt and then follow the instructions in the window:
    ./ArcSightESMSuitePatch.bin -i console
5 Read through the license agreement and accept it at the end. In GUI mode, the acceptance radio button is disabled until you scroll to the bottom of the agreement. In Console mode, press Enter until you have paged through to the end of the license agreement.
6 Select a location for the uninstaller link, if you want to have a shortcut to the uninstaller in some other location. You must have write permission to the specified folder.
7 Check the pre-installation summary to verify that all the locations listed are correct and that you have enough disk space to install this patch.
8 Click Install.
9 Click Next on the File Delivery Complete screen to install the CORR-Engine, Manager, and ArcSight Web components.
10 Click Done on the Install Complete screen.
11 Restart the ArcSight services as user arcsight:
    /sbin/service arcsight_services start all

To Uninstall the Patch

If needed, use the procedure below to roll back this patch installation and restore the system to the pre-patched state.

Before you begin to uninstall, verify that the Manager’s <ARCSIGHT_HOME> and any of its subdirectories are not being accessed by any open shells on your system.

1 Stop the ArcSight services as user arcsight.
    /sbin/service arcsight_services stop all
2 Run the uninstaller program from either the directory where you created the link while installing the product or, if you had opted not to create a link, from the /opt/arcsight/suitepatch/UninstallerData_6.5.0.1 directory:
    ./Uninstall_ArcSight_ESM_Suite_Patch
  Alternatively, you can run the following command from the /home/arcsight (or wherever you installed the shortcut link) directory:
    ./Uninstall_ArcSight_ESM_Suite_Patch_6.5.0.1
  Or, to uninstall using Console mode, run:
    ./Uninstall_ArcSight_ESM_Suite_Patch_6.5.0.1 -i console
  Run the uninstaller in the same mode in which you ran the installer (GUI or Console mode).
3 Click Done on the Uninstall Complete screen.
4 Restart services by running the following command as user root or as user arcsight:
    /sbin/service arcsight_services start all

ArcSight Console

This section describes how to install or uninstall the ESM 6.5c Patch 1 for ArcSight Console on Windows, Mac, and Linux platforms.

The ArcSight ESM Console is not supported on AIX or Solaris. The following steps do not include information for installing a Console patch on those platforms.
To Install the Patch

• Before you install the patch, verify that the Console’s <ARCSIGHT_HOME> directory and any of its subdirectories are not being accessed by any open shells on your system.
• If you need to re-install the patch, run the patch uninstaller before installing the patch again. HP recommends that you do not simply rename files and leave them in the same directory. Java reads all the files present, regardless of renaming, and can pick up old code inadvertently, causing undesirable results.

1 Exit the ArcSight Console.
2 Back up the Console directory (for example, /home/arcsight/console/current) by making a copy. Place the copy in a readily accessible location. This is a precautionary measure so you can restore the original state, if necessary.
  Download the executable file specific to your platform from the HP Software Support Online site (http://support.openview.hp.com). YYYY.Y represents the Console build number.
    • Patch-6.5.0.YYYY.Y-Console-Win.exe
    • Patch-6.5.0.YYYY.Y-Console-Linux.bin
    • Patch-6.5.0.YYYY.Y-Console-MacOSX.zip
  For the Mac, see To Install the Patch on a Mac, below.
3 Run one of the following executables specific to your platform:
    • On Windows: Double-click Patch-6.5.0.YYYY.Y-Console-Win.exe
    • On Linux: Verify that you are logged in as user arcsight, and then run the following command:
        ./Patch-6.5.0.YYYY.Y-Console-Linux.bin
      To install in Console mode, run the following command from the shell prompt and then follow the instructions in the window:
        ./Patch-6.5.0.YYYY.Y-Console-Linux.bin -i console
  The installer launches the Introduction window.
4 Read the instructions provided and click Next.
5 Accept the terms of the license agreement and click Next. The acceptance radio button is disabled until you scroll to the bottom of the agreement.
6 Enter the location of your existing <ARCSIGHT_HOME> directory for your Console installation in the text box provided or navigate to the location by clicking Choose… If you want to restore the installer-provided default location, click Restore Default Folder.
7 Click Next.
8 Choose a Link Location (on Linux) or Shortcut location (on Windows) by clicking the appropriate radio button and click Next.
9 Check the pre-installation summary to verify that all the locations listed are correct and that you have enough disk space to install this patch.
10 Click Install.
11 Click Done on the Install Complete screen.

To Install the Patch on a Mac

The patch installer download and run procedure is slightly different on the Mac than on the other supported platforms.

The patch installer file shows as a ZIP file on the download site, but downloads as ArcSightConsolePatch.app on the Mac. A single or double-click on this APP file launches the patch installer, depending on how you have set these options. There is no need to “extract” or “unzip” the file; it downloads as an APP file.

1 Exit the ArcSight Console.
2 Back up the Console directory (for example, /home/arcsight/console/current) by making a copy. Place the copy in a readily accessible location. This is just a precautionary measure so you can restore the original state, if necessary.
3 Download the file Patch-6.5.0.YYYY.Y-Console-MacOSX.zip to anywhere on your system.
4 Launch the patch installer by double-clicking the ArcSightConsolePatch file.
5 Follow the steps on the patch install wizard, providing the information as prompted:
    • Accept the terms of the license agreement and click Next. The acceptance radio button is disabled until you scroll to the bottom of the agreement.
    • Choose the location where you want to install the patch. Browse to <ARCSIGHT_HOME>, where your previous Console was installed.
    • Choose an alias location for the Console application (or opt to not use aliases). This is the same as a link location on UNIX systems or shortcut location on Windows systems.
6 Click Next.
7 Verify your settings and click Install.

To Uninstall the Patch

If needed, use the procedure below to roll back this patch installation.

Before you begin to uninstall, verify that the Console’s <ARCSIGHT_HOME> and any of its subdirectories are not being accessed by any open shells on your system.

1 Exit the ArcSight Console.
2 Run the uninstaller program:
  On Windows:
    • Double-click the icon you created for the uninstaller when installing the Console. For example, if you created an uninstaller icon on your desktop, double-click that icon.
    • If you created a link in the Start menu, click:
        Start > All Programs > ArcSight ESM Console 6.5c Patch 1 > Uninstall ArcSight ESM Console 6.5c Patch 1
    • Or, run the following from the Console’s <ARCSIGHT_HOME>\current\UninstallerData_6.5.0.1 directory:
        Uninstall_ArcSight_ESM_Console_Patch
  On Linux:
    • From the directory where you created the link when installing the Console (your home directory or some other location), run:
        ./Uninstall_ArcSight_ESM_Console_6.5.0.1
    • Or, to uninstall using Console mode, run:
        ./Uninstall_ArcSight_ESM_Console_6.5.0.1 -i console
    • If you did not create a link, execute the command from the Console’s <ARCSIGHT_HOME>/current/UninstallerData_6.5.0.1 directory:
        ./Uninstall_ArcSight_ESM_Console_Patch
  On a Mac:
    • From the directory where you created the link when installing the Console, run:
        Uninstall_ArcSight_Console_6.5.0.1
    • From the Console’s <ARCSIGHT_HOME>/current/UninstallerData_6.5.0.1 directory, run:
        Uninstall_ArcSight_ESM_Console_Patch
3 Click Done on the Uninstall Complete screen.
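The install and uninstall notes above ask you to confirm that no open shell is accessing <ARCSIGHT_HOME> and to back up the directory before patching. The script below is an added example, not part of HP's release notes or tooling: on Linux it lists processes whose working directory is at or below the directory by reading /proc, and makes the backup copy only when none remain. The function names, return codes and backup destination are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-patch checks for the steps above (not HP's tooling).
# Run after "/sbin/service arcsight_services stop all"; run as root to see
# the working directories of every user's processes.

# Print "PID CWD" for each process whose working directory is DIR or below.
# PROC_ROOT defaults to /proc; it is a parameter so the check can be tested.
cwd_holders() {
    dir=${1%/}
    proc_root=${2:-/proc}
    for entry in "$proc_root"/[0-9]*; do
        [ -L "$entry/cwd" ] || continue
        cwd=$(readlink "$entry/cwd" 2>/dev/null) || continue
        case "$cwd" in
            "$dir"|"$dir"/*) printf '%s %s\n' "${entry##*/}" "$cwd" ;;
        esac
    done
}

# Copy SRC to DEST with attributes preserved, then compare file counts.
# Returns 2: SRC missing, 4: DEST inside SRC, 3: DEST already exists.
backup_tree() {
    src=${1%/}
    dest=$2
    [ -d "$src" ] || return 2
    case "$dest" in "$src"|"$src"/*) return 4 ;; esac
    [ -e "$dest" ] && return 3
    cp -a "$src" "$dest" || return 1
    [ "$(find "$src" -type f | wc -l)" -eq "$(find "$dest" -type f | wc -l)" ]
}

# Refuse to back up (return 10) while any process still sits inside HOME_DIR.
preflight() {
    home_dir=${1:-/opt/arcsight}
    holders=$(cwd_holders "$home_dir" "${3:-/proc}")
    if [ -n "$holders" ]; then
        printf 'still inside %s:\n%s\n' "$home_dir" "$holders" >&2
        return 10
    fi
    backup_tree "$home_dir" "$2"
}

# Usage: sh preflight.sh /path/to/backup-copy   (destination is hypothetical)
if [ $# -ge 1 ]; then
    preflight /opt/arcsight "$1"
    exit $?
fi
```

For the Console, call preflight with the Console's <ARCSIGHT_HOME> as the first argument instead of /opt/arcsight.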
Issues Fixed in this Patch

The following issues are fixed in this patch.

CORR-Engine

Issue      Description
NGS-8252   Under certain loads, an unstable condition could on occasion arise that leads to a Signal 11 occurrence. This patch release provides a significant improvement to reduce the likelihood of a Signal 11 condition.

Analytics

Issue      Description
NGS-8251   Under some circumstances, events had incorrect severity values. This is now fixed.

Open Issues in this Patch

This release contains no new open issues.

Open and Closed Issues in ESM 6.5c

For information about open and closed issues for ESM 6.5c, see the release notes for that version.