3. Contents
Actor Model Import Connector for Microsoft Active Directory 7.0.7.7288 4
Release Contents 4
What's New 4
Installing the Actor Model Import Connector for Active Directory 5
Known Limitations 5
Fixed Issues in this Release 5
Open Issues in this Release 5
HPE Actor Model Import Connector for Microsoft Active Directory 7.0.7.728 Page 3 of 6
4. Actor Model Import Connector for Microsoft
Active Directory 7.0.7.7288
These release notes discuss the following topics.
l "Release Contents" below
l "What's New" below
l "Installing the Actor Model Import Connector for Active Directory" on the next page
l "Known Limitations" on the next page
l "Fixed Issues in this Release" on the next page
l "Open Issues in this Release" on the next page
The Actor Model Import Connector for Microsoft Active Directory imports data from Microsoft Active
Directory into ArcSight IdentityView to populate common sessions and active lists.
Release Contents
The files included in this release are:
File name Description
ActiveDirectory_MICRelNotes_7.0.7 .7288.pdf Release notes for Actor Model Import Connector for Microsoft
Active Directory
ActiveDirectory_ActorModelConfig_ 7.0.7.7288.pdf Installation and configuration guide
ArcSight-7.0.7.7288.0- ADActorModelConnector-
Linux64.bin
Installer for Linux 64-bit systems
ArcSight-7.0.7.7288.0- ADActorModelConnector-
Win64.exe
Installer for Windows 64-bit systems
Installed Files
What's New
Updated support for the Linux platform.
HPE Actor Model Import Connector for Microsoft Active Directory 7.0.7.728 Page 4 of 6
5. Installing the Actor Model Import Connector for
Active Directory
For information about installing the connector, see the Configuration Guide for the Actor Model Import
Connector for Microsoft Active Directory. The guide is available at:
https://www.protect724.hpe.com/docs/DOC-12746
Known Limitations
The following are know limitations for this connector: n
l The connector can send model information to only one ArcSight Manager. n
l The LDAP authentication type used between the connector and Active Directory is simple clear-text
authentication. n
l The connector’s JVM might use more than the default 256 MB of memory. If the agent.log file
contains an error indicating that the memory is in the yellow zone, increase the JVM memory or
contact ArcSight Customer Support for assistance.
Fixed Issues in this Release
This release contains the following fixed issue.
Number Description and work-around instructions
CON-14924 The POODLE vulnerability in the SSLv3 protocol was present in previous versions of this connector.
This release avoids any use of SSLv3.
Open Issues in this Release
This release contains the following open issues. Use the workarounds where provided.
Release Notes
Actor Model Import Connector for Microsoft Active Directory 7.0.7.7288
HPE Actor Model Import Connector for Microsoft Active Directory 7.0.7.728 Page 5 of 6
6. Number Description and work-around instructions
50461 Issue: When a group is deleted in Active Directory, the relevant group to user mappings are not removed
from the Identity Roles list.
Work-around: To remove the relevant group to user mappings, manually terminate those entries from the
Identity Roles list.
50462 Issue: When a user is removed from a group in Active Directory, its corresponding entry is removed from the
Identity Roles list instead of being terminated.
50486 Issue: When a user object is deleted from Active Directory, the Status attribute is not set to Deleted in the
Identity Information session list, and the mappings for the user are not terminated in the Identity Roles
session list.
Work-around: As a best practice, user objects should not be deleted; instead, they should be disabled.
However, if a user object is deleted in your system, you can manually set the user's Status attribute to
Deleted in the Identity Information session list.
50487 Issue: In Active Directory, a user can belong to multiple groups in a hierarchy. That is, when a user belongs to a
sub group that belongs to a parent group, Active Directory recognizes that the user belongs to two groups.
However, the Identity Roles list in the ArcSight IdentityView Solution does not handle this inheritance. The list
only recognizes direct members of a group and ignores the membership of the group to other parent groups.
Release Notes
Actor Model Import Connector for Microsoft Active Directory 7.0.7.7288
HPE Actor Model Import Connector for Microsoft Active Directory 7.0.7.728 Page 6 of 6