HPE Security ArcSight SmartConnectors. Format Preserving Encryption Environment Setup Guide

Similar documents
HPE Security ArcSight Connectors

HPE Security ArcSight Connectors

HPE Security ArcSight Connectors

HPE Security ArcSight Connectors

HPE Security ArcSight Connectors

HPE Security ArcSight Connectors

HPE Security ArcSight Connectors

HPE Security ArcSight Connectors

HPE Security ArcSight Connectors

HPE Security ArcSight User Behavior Analytics

HPE Security ArcSight Connectors

HPE Security ArcSight Connectors

Configuration Guide. SmartConnector for Apache Tomcat File. February 14, 2014

HPE Security ArcSight. ArcSight Data Platform Support Matrix

Micro Focus Security ArcSight Connectors. SmartConnector for Microsoft IIS Multiple Site File. Configuration Guide

HP AutoPass License Server

Micro Focus Security ArcSight Connectors. SmartConnector for Snort Syslog. Configuration Guide

HPE ALM Client MSI Generator

Micro Focus Security ArcSight Connectors. SmartConnector for McAfee Gateway Syslog. Configuration Guide

HPE StoreEver MSL6480 Tape Library Version 5.50 Firmware Release Notes

HP UFT Connection Agent

HPE Security ArcSight Connectors

HPE Enterprise Integration Module for SAP Solution Manager 7.1

HP ALM Client MSI Generator

HP Fortify Scanning Plugin for Xcode

HPE Network Virtualization

IDE Connector Customizer Readme

Micro Focus Security ArcSight Connectors. SmartConnector for McAfee Network Security Manager Syslog. Configuration Guide

HPE Storage Optimizer Software Version: 5.4. Support Matrix

HPE ALM Excel Add-in. Microsoft Excel Add-in Guide. Software Version: Go to HELP CENTER ONLINE

SAP Business One Integration Framework

HPE ComputeSensor. User Guide. Software Version: 3.02 Windows and Linux operating systems. Document Release Date: August 2017

HPE Security Fortify WebInspect Enterprise Software Version: Windows operating systems. Installation and Implementation Guide

HPE Security ArcSight Connectors

HPE Security ArcSight ESM

HP ArcSight Express. Software Version: AE 4.0. Technical Note: ArcSight Express Backup and Recovery

HPE Security ArcSight Connectors

HP Virtual Connect Enterprise Manager

HPE ilo mobile app for ios

HPE Automatic Number Plate Recognition Software Version: Automatic Number Plate Recognition Release Notes

HP Operations Orchestration

Intelligent Provisioning 1.70 Release Notes

HPE ControlPoint. Software Version: Support Matrix

HPE ConnectorLib Java SDK

HP D6000 Disk Enclosure Direct Connect Cabling Guide

HP Enterprise Integration Module for SAP Solution Manager

HPE RDX Utility Version 2.36 Release Notes

HP Management Integration Framework 1.7

Intelligent Provisioning 1.64(B) Release Notes

HPE 3PAR OS GA Patch 12

Integrated Smart Update Tools for Windows and Linux User Guide

HP Operations Orchestration

External Devices User Guide

IDOL Site Admin. Software Version: User Guide

HPE Knowledge Article

OMi Management Pack for Microsoft SQL Server. Software Version: For the Operations Manager i for Linux and Windows operating systems.

Intelligent Provisioning 3.00 Release Notes

MegaTrack. Quick Start Guide

HPE Operations Agent. License Guide. Software Version: Windows, HP-UX, Linux, Solaris and AIX. Document Release Date: December 2016

HPE BladeSystem c-class Virtual Connect Support Utility Version Release Notes

Configuring Embedded LDAP Authentication

HPE D2600/D2700 Disk Enclosure I/O Module Firmware 0149 Release Notes

Installation Guide. OMi Management Pack for Microsoft Skype for Business Server. Software Version: 1.00

Micro Focus Security ArcSight Connectors. SmartConnector for Cisco Secure ACS Syslog. Configuration Guide

HP Operations Orchestration

Marvell BIOS Utility User Guide

HP Operations Orchestration

Guidelines for using Internet Information Server with HP StorageWorks Storage Mirroring

HP Network Node Manager ispi Performance for Quality Assurance Software

Legal Notices. The information contained herein is subject to change without notice.

HP Integration with Incorta: Connection Guide. HP Vertica Analytic Database

HPE Knowledge Article

HP Business Availability Center

Configuring LDAP Authentication for HPE OBR

HP Operations Orchestration Software

HPE VMware ESXi and vsphere 5.x, 6.x and Updates Getting Started Guide

HP Database and Middleware Automation

HP Operations Orchestration Software

HP Data Center Automation Appliance

HPE Insight Online User Guide

HP Data Protector 7.00 encrypted control communication certificates management

HPE Moonshot ilo Chassis Management Firmware 1.52 Release Notes

Configuring Security Mitigation Settings for Security Bulletin HPSBPI03569 Protecting Solution Installation Settings

HP LeftHand SAN Solutions

HP Enterprise Integration module for SAP applications

HP Operations Orchestration

HPE 3PAR OS MU5 Patch 49 Release Notes

HPE Structured Data Manager

HP Web Jetadmin 8.0 Credential Store Feature

HP Network Node Manager i Software Step-by-Step Guide to Scheduling Reports using Network Performance Server

Enterprise Integration Module for SAP Solution Manager 7.2

External Devices User Guide

HPE StoreEver MSL6480 Tape Library CLI Utility Version 1.0 User Guide

HP ALM Performance Center

HP Operations Manager

HP SM Service Catalog-PPM Center Project Proposal Integration Solution

HPE 3PAR OS MU3 Patch 28 Release Notes

HPE Remote Analysis Agent Software Version: 5.3 Microsoft Windows. Technical Note

Using the Server Automation Red Hat Importer

External Devices. User Guide

Transcription:

HPE Security ArcSight SmartConnectors Format Preserving Encryption Environment Setup Guide October 19, 2017

Legal Notices Warranty The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice. The network information used in the examples in this document (including IP addresses and hostnames) is for illustration purposes only. HPE Security ArcSight products are highly flexible and function as you configure them. The accessibility, integrity, and confidentiality of your data is your responsibility. Implement a comprehensive security strategy and follow good security practices. This document is confidential. Restricted Rights Legend Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Copyright Notice Copyright 2017 Hewlett Packard Enterprise Development, LP Follow this link to see a complete statement of copyrights and acknowledgements: https://community.saas.hpe.com/t5/discussions/third-party-copyright-notices-and-license-terms/td-p/1589228 Support Contact Information Phone A list of phone numbers is available on the HPE Security ArcSight Technical Support Page: https://softwaresupport.hpe.com/support-contact-information Support Web Site Protect 724 Community https://softwaresupport.hpe.com https://community.saas.hpe.com/t5/arcsight/ct-p/arcsight Revision History Date Description 10/19/2017 First release of this technical note. 2

Contents SmartConnectors with Format Preserving Encryption... 4 Network Connectivity... 4 Linux... 4 Windows... 5 Secure Data Appliance Certificates... 5 Windows... 5 Linux... 6 3

SmartConnectors with Format Preserving Encryption Running a SmartConnector with Format Preserving Encryption enabled requires correct environment setup for the machine hosting the SmartConnector. The setup primarily involves addressing two areas (1) ensuring proper connectivity between the connector machine and the SecureData appliance server and (2) ensuring the availability of an appliance certificate in all locations needed by the SmartConnector. In addition, if you are not using Instant Connector Deployment with ArcSight Management Center, or you are upgrading a connector to 7.7.0 from 7.6 or prior version (via ArcSight Management Center or standalone), you will need to manually install the client for each connector host. Consult your SecureData Appliance documentation for instructions for your platform. Follow the instructions to verify that the connectivity is established from the SecureData Client to the SecureData Server and the test program runs as expected before proceeding with SmartConnector configuration for data encryption. Data encryption parameters are described in the configuration guide for each SmartConnector. Network Connectivity Linux During connector configuration, during connector initialization at runtime, and also occasionally (even though not frequently) during events processing, the SmartConnector must connect to the SecureData appliance through the HTTPS protocol. Therefore, the HTTPS connectivity between the connector machine and the appliance server must be good. The following sections describe steps to be followed to ensure connectivity for Linux and Windows operating systems. Edit the /etc/hosts file of the connector machine to include a line for the IP address and the hostname for the SecureData appliance. This step is required only if the DNS does not recognize the SecureData appliance FQDN. If your connector machine does not require a proxy to make an HTTPS connection to the SecureData appliance server, you do not need to set up a proxy. Verify that no global proxy is set for your machine. For a given user, you can open a fresh terminal, log in as the user, and enter env grep i proxy to determine whether a proxy has been inadvertently set by someone else. If your connector machine requires a proxy to make an HTTPS connection to the SecureData appliance server, set up a proper proxy. There is more than one way to set up a proxy. The System Administrator can choose the proper way to do it for the case in hand. However, keep in mind the following three important items: 4

Windows o If there are machines that do not require a proxy to be reached from the connector machine (such as ESM or Logger, for example), then the no_proxy/no_proxy environment variables must be set to bypass proxies for those hosts. o Make sure that the proxy-related variables are set globally, that is, for all users. o Verify that whatever proxy-related variables you have set are not transient (valid for one shell/terminal), and also verify they are actually in effect. You may need to reboot your machine to verify. Finally, on a fresh terminal, enter env grep i proxy to see all proxy-related environment variables. For a machine that has a number of hosts that require a proxy and a number of hosts that do not require a proxy, you should see something like: no_proxy=localhost,.xxx.com,.aaa.bbb.com NO_PROXY=localhost,.xxx.com,.aaa.bbb.com https_proxy=dddd.ccccc.hh.com:8080 HTTPS_PROXY=dddd.ccccc.hh.com:8080 Edit the C:\Windows\System32\Drivers\etc\hosts file of the connector machine to include a line for the IP address and the hostname for the SecureData appliance. This step is required only if the DNS does not recognize the SecureData appliance FQDN. If your connector machine does not require a proxy to make an https connection to the SecureData appliance server, do not set up a proxy. Verify that no global proxy is set for your machine. For a given user, you can open a fresh terminal, log in as the user, and enter env grep i proxy to determine whether a proxy has been inadvertently set by someone else. If your connector machine requires a proxy to reach certain hosts and does not require a proxy to reach some hosts, you can set these parameters from your browser s Internet Options > Connections > LAN Settings >Advanced tab. After setting the correct proxies and bypass list properly, open a command prompt as Administrator and enter the following command to import the Internet Options into the HTTP protocol connection: netsh winhttp import proxy source=ie Secure Data Appliance Certificates To be able to make a successful connection and encrypt data, the server certificate must be present in all needed locations. These locations are highlighted in the following sections. Windows For SmartConnectors running in Windows, the server certificate must be in the following three locations. Perform these steps after installing the connector core software, but prior to selecting connector and adding parameter information. 5

Connector certificate store -../current/jre/lib/security/cacerts. When using FIPS for the connector, the certificate must be placed into..\current\user\agent\fips\bcfips_ks You can import any certificate to this store by using the../current/jre/bin/keytool utility. For example, from the $ARCSIGHT_HOME/current/bin directory, execute the following command to import the certificate: arcsight keytoolgui Open the keystore in $ARCSIGHT_HOME/jre/lib/security/cacerts (the password will be changeit). Linux From the Menu bar, select Tools and Import Certificate. Upload the certificate file. Trust the certificate. Trusted Root Certification Authority for the local computer. Use the Windows certificate import wizard to import the certificate. Trusted Root Certification Authority for the current user. Use the Windows certificate import wizard to import the certificate. Finally, it is always advisable to have server certificates that do not have chains. Windows certificates that are put in trusted authority are subject to CRL verification that may involve verifying the entire chain. This is controlled by the Windows system and can be very annoying because Windows may need to connect to outside hosts to verify the chain of trust. If any component cannot be verified, Windows will not trust it and the connection to the SecureData appliance will fail. For SmartConnectors running on Linux, the server certificate must be in the following two locations. Perform these steps after installing the connector core software, but prior to selecting connector and adding parameter information. Connector certificate store -../current/jre/lib/security/cacerts. When using FIPS for the connector, the certificate must be placed into..\current\user\agent\fips\bcfips_ks You can import any certificate to this store using the../current/jre/bin/keytool utility. For example, from the $ARCSIGHT_HOME/current/bin directory, execute the following command to import the certificate: arcsight keytoolgui Open the keystore in $ARCSIGHT_HOME/jre/lib/security/cacerts (the password will be changeit). 6

From the Menu bar, select Tools and Import Certificate. Upload the certificate file. Trust the certificate. The store used by the SecureData client. Assuming the client directory is /opt/client, the store would be /opt/client/truststore. The certificate must be Base64 encoded, not DER; otherwise, the./c_rehash command will fail. Copy the server certificate (in *.pem format) in the directory /opt/client/truststore, and run the following command: /opt/client/truststore/c_rehash. Note: Do not forget to type the. 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback