ArcSight Recon 1.1 Patch 1 Readme

ArcSight Recon 1.1 Patch 1 (1.1.1) enables the Reporting feature in Recon 1.1. This patch includes updates for the following capabilities:

  • ArcSight Fusion 1.2

  • Recon 1.1

  • ArcSight SOAR 3.0

  • Transformation Hub 3.4

Future versions of Recon will include this patch so that Reporting is functional after you upgrade or install a new version of Recon.

NOTE: This patch includes the Transformation Hub patch released in January 2021, which included the following files:

  • transformationhub-3.4.1.4.md5

  • transformationhub-3.4.1.4.tar

If you applied the Transformation Hub patch released in January 2021 to Transformation Hub 3.4, you do not need to upload the transformationhub-3.4.1.1.tar image file included with this patch. For more information about the Transformation Hub patch, see the Knowledgebase article KM03770628.

For additional updates about this patch, see the ArcSight Recon 1.1 documentation site.

For more information about the ArcSight Platform, as well as the capabilities that this patch updates, see the ArcSight Platform 20.11 documentation site.

1.0 Checklist

To apply this patch, complete the steps listed in the following order:

Checklist Items

  1. Ensure that your environment meets the requirements for this patch.

  2. Download the metadata and product offline images.

  3. Accept the config page certificate.

  4. Add new metadata.

  5. Begin the upgrade process.

  6. Upload the offline images.

  7. Finalize the upgrade process.

  8. Restart the search-web-app pod to enable the Reporting feature.

2.0 Verifying the Patch Requirements

Before applying this patch, verify that your environment includes the following capabilities:

  • Fusion 1.2

  • Recon 1.1

  • SOAR 3.0 (optional)

  • Transformation Hub 3.4

3.0 Applying this Patch

3.1 Downloading Metadata and Product Offline Images

This release includes the following image files, as well as their corresponding md5 files:

    File                                         Description

    arcsight-installer-metadata-20.11.2.1.tar    Installer file
    fusion-1.2.2.1.tar                           Image file for updating the Fusion capability
    recon-1.1.2.1.tar                            Image file for updating the Recon capability
    soar-3.0.1.1.tar                             Image file for updating the SOAR capability
    transformationhub-3.4.1.1.tar                Image file for updating the Transformation Hub capability

  1. Download the upgrade version of the arcsight-installer-metadata-20.11.2.1.tar file to your Windows machine.

  2. Download the upgrade version of each image file (for example, fusion-1.2.2.1.tar) to your cluster node.

    NOTE: If you applied the Transformation Hub patch released in January 2021 to Transformation Hub 3.4, you do not need to upload the transformationhub-3.4.1.1.tar image file again.
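A check you can run on the cluster node before uploading, as an added example that is not part of the original readme: it compares each downloaded .tar file against its companion .md5 file. It assumes the .md5 file sits beside the .tar file with the same base name and begins with the hex digest; the function names are hypothetical.

```shell
# Added example: verify downloaded image tars against their companion .md5 files.
# Assumptions: each <name>.tar has a <name>.md5 beside it, and the first
# whitespace-delimited token in the .md5 file is the hex digest.

# verify_image TAR -> 0 on match, 1 on mismatch, 2 if a file is missing or malformed
verify_image() {
    local tar_file="$1"
    local md5_file="${tar_file%.tar}.md5"
    local expected actual

    if [ ! -f "$tar_file" ] || [ ! -f "$md5_file" ]; then
        echo "MISSING  $tar_file (or $md5_file)" >&2
        return 2
    fi

    # Accept either "digest  filename" or a bare digest; compare in lowercase.
    expected=$(awk 'NR==1 {print tolower($1)}' "$md5_file")
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{32}$'; then
        echo "BADFILE  $md5_file does not start with an MD5 digest" >&2
        return 2
    fi

    actual=$(md5sum "$tar_file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK       $tar_file"
        return 0
    fi
    echo "MISMATCH $tar_file expected=$expected actual=$actual" >&2
    return 1
}

# verify_all DIR -> 0 only if DIR holds at least one *.tar and every one verifies
verify_all() {
    local dir="$1"
    local failed=0
    local found=0
    local f
    for f in "$dir"/*.tar; do
        [ -e "$f" ] || continue
        found=1
        verify_image "$f" || failed=1
    done
    [ "$found" -eq 1 ] && [ "$failed" -eq 0 ]
}

# When a directory is passed as the first argument, check everything in it.
[ $# -eq 0 ] || verify_all "$1"
```

A matching MD5 digest shows the download is not corrupted or truncated; it does not protect against deliberate tampering, so obtain both files from the vendor's download site over HTTPS.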

3.2 Accepting the Certificate

  1. Browse to the Management Portal, by default https://<k8sMasterFqdn>:5443.

  2. Select Suite, and select Management.

  3. Select the Three Dots (Browse) on the far right, then choose Reconfigure.

  4. Accept the certificate.

3.3 Adding New Metadata

  1. In the Management Portal, click ADMINISTRATION > Metadata.

  2. Select + Add.

  3. Select the arcsight-installer-metadata-20.11.2.1.tar file from your system.

3.4 Starting the Upgrade Process

  1. In the Management Portal, select Suite > Management.

    Notice the number 1 in the red circle in the Update column.

  2. Select the red circle, then select your recently added metadata file to initiate the upgrade.

  3. In the Update to page, click NEXT until you reach the Transfer images page.

  4. In the Import suite images page, click MORE to see what images are expected (3.0.uv.x). Next, you will upload the images to the docker registry.

3.5 Uploading Offline Images

  1. Upload the offline images to the local docker registry:

    cd {K8S_HOME}/scripts

    For example:

    cd /opt/arcsight/kubernetes/scripts
  2. Upload EACH of the images using the following command:

    ./uploadimages.sh -u registry-admin -p {your_mgmt_portal_admin_password} -F /path/to/product/tar/file

    For example:

    ./uploadimages.sh -u registry-admin -p 'Arcsight?123' -F /tmp/transformationhub-3.4.1.1.tar

3.6 Finalizing the Upgrade Process

  1. In the Management Portal, navigate to the Import suite images page.

  2. Click Check Again until you see all the required images available, then click Next.

  3. From the Configure storage page, click Next.

    Wait until the next page displays. During this time, the upgrade config container is being deployed to the cluster.

    NOTE: If new properties are provided during the upgrade, the Configuration page displays so that you can configure these properties beforehand. If no new properties are provided, the Product upgrade page displays.

  4. Click Next and wait until the process of upgrading pods begins.

  5. (Optional) To monitor the process, run the following command:

    kubectl get pods -n {suite-namespace}
  6. Your upgrade is complete.

    The new version of the suite displays in the Suite > Management > Version column.

3.7 Restarting the search-web-app Pod

  1. To restart the search-web-app pod on your cluster, run the following command:

    kubectl delete pod -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1 ) $( kubectl get pods -A | grep search-web-app | cut -d ' ' -f4 )
  2. Wait for the new search-web-app to start.

  3. To monitor the process, run the following command:

    kubectl get pods -A | grep search-web-app

4.0 Troubleshooting the Upgrade

4.1 Upload Images Fails After CDF Was Upgraded

When you invoke uploadimages.sh, the container images fail to upload with a FAILED status, and the kube-registry pod logs display "error checking authorization: Token used before issued."

To correct this, force recreation of the daemon set by running the following commands:

    kubectl get ds -n core kube-registry -o yaml > /tmp/kube-registry-ds.yml
    kubectl delete -f /tmp/kube-registry-ds.yml
    kubectl create -f /tmp/kube-registry-ds.yml

4.2 Upgrade UI Is Stuck and Displays the Loading Icon for Longer Than 15 Minutes

It's possible that your browser might experience a caching problem that causes the upgrade to pause or fail. If the loading icon spins without progress for more than 15 minutes, cancel the upgrade by pressing Esc. Then perform one of the following actions:

  • Clear the cache by pressing Ctrl + F5, then try the upgrade again.

  • Run the upgrade in a different browser.

  • Run the upgrade in Incognito mode.

5.0 Contacting Micro Focus

For specific product issues, contact Micro Focus Support at https://www.microfocus.com/support-and-services/.

Additional technical information or advice is available from several sources:

6.0 Copyright Notice

© Copyright 2021 Micro Focus or one of its affiliates.

Confidential computer software. Valid license from Micro Focus required for possession, use or copying. The information contained herein is subject to change without notice.

The only warranties for Micro Focus products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein.

No portion of this product's documentation may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's internal use, without the express written permission of Micro Focus.

Notwithstanding anything to the contrary in your license agreement for Micro Focus ArcSight software, you may reverse engineer and modify certain open source components of the software in accordance with the license terms for those particular components. See below for the applicable terms.

U.S. Governmental Rights. For purposes of your license to Micro Focus ArcSight software, “commercial computer software” is defined at FAR 2.101. If acquired by or on behalf of a civilian agency, the U.S. Government acquires this commercial computer software and/or commercial computer software documentation and other technical data subject to the terms of the Agreement as specified in 48 C.F.R. 12.212 (Computer Software) and 12.211 (Technical Data) of the Federal Acquisition Regulation (“FAR”) and its successors. If acquired by or on behalf of any agency within the Department of Defense (“DOD”), the U.S. Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of the Agreement as specified in 48 C.F.R. 227.7202-3 of the DOD FAR Supplement (“DFARS”) and its successors. This U.S. Government Rights Section 18.11 is in lieu of, and supersedes, any other FAR, DFARS, or other clause or provision that addresses government rights in computer software or technical data.

For additional information, such as certification-related notices and trademarks, see https://www.microfocus.com/about/legal/.