This document provides release notes for ArcSight Express 4.0 Patch 1. The patch addresses critical issues, provides updates for geographical data and vulnerabilities, upgrades dependencies, and adds support for new operating system versions. Instructions are included for verifying files and installing the patch for the main suite, ArcSight Console, and individual components. Issues fixed and known issues remaining in the patch are also summarized.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfJay Das
With the advent of artificial intelligence or AI tools, project management processes are undergoing a transformative shift. By using tools like ChatGPT, and Bard organizations can empower their leaders and managers to plan, execute, and monitor projects more effectively.
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
5. Confidential Release Notes ArcSight Express 4.0 Patch 1 5
ArcSight Express 4.0 Patch 1
ArcSight Express 4.0 Patch 1
These release notes describe how to apply this patch release of ArcSight Express.
Instructions are included for each component, as well as other information about recent
changes and open and closed issues.
This patch is for ArcSight Express 4.0. To set up a new ArcSight Express 4.0 installation,
refer to the ArcSight Express Installation and Configuration Guide.
The build number for the ArcSight Express suite for this patch is 1361
The build number for the ArcSight Console for this patch is 1933.1.
After you have installed ArcSight Express 4.0, follow the instructions in “Installing ArcSight
Express 4.0 Patch 1” on page 7 of these release notes to apply Patch 1.
Purpose of this Patch
This patch:
Addresses critical issues in ArcSight Express 4.0.
Provides updates for geographical information and vulnerability mapping.
Upgrades JRE version to 1.6.0_65.
Upgrades the tzdata version to tzdata2014f.
Adds certification of Red Hat Enterprise Linux 6.5 (64-bit) for ArcSight Express Patch 1.
HP recommends that you upgrade your operating system from Red Hat Linux 6.2 to
6.5. Download the operating system upgrade script and technical note from HP SSO.
Perform the operating system upgrade only after you have successfully upgraded your
ArcSight Express installation to 4.0 Patch 1. See the Upgrade RHEL 6.2 to RHEL 6.5 for
ArcSight Express Appliance Technical Note for details.
Adds certification of CentOS Linux 6.5 (64-bit) for ArcSight Express VA Patch 1.
HP recommends that you upgrade your operating system from CentOS Linux 6.2 to
6.5. Download the operating system upgrade script and technical note from HP SSO.
Perform the operating system upgrade only after you have successfully upgraded your
ArcSight Express VA installation to 4.0 Patch 1. See the Upgrade CentOS 6.2 to CentOS
6.5 for ArcSight Express Virtual Appliance Technical Note for details.
Under certain loads, an unstable condition can on occasion arise that leads to a Signal
11 occurrence. This patch provides a significant improvement to reduce the likelihood
of a Signal 11 condition.
Provides the POODLE SSL fix
The POODLE attack (which stands for "Padding Oracle On Downgraded Legacy
Encryption") is a man-in-the-middle exploit that takes advantage of Internet and
6. Usage Notes for this Patch
6 Release Notes ArcSight Express 4.0 Patch 1 Confidential
security software clients' fallback to SSL 3.0. See http://en.wikipedia.org/wiki/POODLE
for details.
When establishing SSL connection in Java, applications start from protocol negotiation
(SSL, TLS, TLSv1, etc.). The POODLE SSL fix ensures that no instance of ESM or
ArcSight Web will accept connections of SSLv3 type; the protocol should be one of TLS
protocols. The corresponding changes were made to the ArcSight Console, which is
one of the ESM clients. No additional changes are required for the ArcSight Console.
To access ArcSight Command Center the web-browser should allow the use of TLSvx
protocols, which is the default setting for all web browsers.
Usage Notes for this Patch
Also refer to ArcSight Express Release Notes Version 4.0. The usage notes for that release
also apply to this patch.
Upgrade to Latest Connector Versions
In order to receive POODLE attack protection for your connectors, be sure to upgrade to
the latest version of each connector. The connector upgrades will provide the latest
POODLE attack protection and JRE version. These upgrades need to be performed in
addition to the installation of ArcSight Express 4.0 Patch 1, and are not part of the patch
installation.
Section 508 Compliance
ArcSight recognizes the importance of accessibility as a product initiative. To that end,
ArcSight continues to make advances in the area of accessibility in its product lines.
Geographical Information Update
This version of ArcSight Express includes an update to the geographical information used in
graphic displays. The version is GeoIP-532_20150101.
Vulnerability Updates
This release includes recent vulnerability mappings from the January 2015 Context Update.
Device Vulnerability Updates
Snort / Sourcefire SEU 1232 updated Bugtraq, X-Force, MSSB, Faultline, CVE,
Nessus, MSKB, CERT
Enterasys Dragon IDS updated Faultline, CVE, Nessus, MSSB
Cisco Secure IDS S840 updated Bugtraq, X-Force, MSSB, Faultline, CVE,
Nessus, CERT, MSKB
Juniper / Netscreen IDP update 2458
updated
Faultline, Bugtraq, CVE, X-Force, Nessus,
MSKB, MSSB, CERT
McAfee Intrushield updated Faultline, Bugtraq, CVE, Nessus, X-Force,
MSKB, CERT, MSSB
TippingPoint UnityOne DV8653
updated
Bugtraq, X-Force, MSSB, Faultline, CVE,
Nessus, MSKB, CERT
7. Installing ArcSight Express 4.0 Patch 1
Confidential Release Notes ArcSight Express 4.0 Patch 1 7
Installing ArcSight Express 4.0 Patch 1
You can install this patch release using the platform-specific component executable files
provided. Patch installers are available for all supported platforms. Keep the following
points in mind when installing Patch 1:
Each component has install and uninstall steps.
Verify AE 4.0 Patch 1 Files
HP provides a digital private key to enable you to verify that the signed software you
received is indeed from HP and has not been manipulated in any way by a third party.
Visit the following site for information and instructions:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPL
inuxCodeSigning
ISS SiteProtector updated Faultline, Bugtraq, CVE, Nessus, X-Force,
MSSB, MSKB, CERT
Symantec Endpoint Protection
updated
Faultline, Bugtraq, CVE, X-Force, Nessus
McAfee HIPS 7.0 updated CVE
Radware DefensePro updated Bugtraq
• For all components and platforms: Make sure that you have enough
space available before you install the patch. The installer checks for 3 GB
of space and generates an error if it is not available. If you run into disk
space issues during installation, create enough space, restore the
component base build from the backup, then resume patch installation.
• Backup, patch install, and uninstall procedures require permissions for the
relevant components. To install a patch, make sure that the user who
owns the base build installation folder has full privileges on the PATH
where the base build is installed.
• To uninstall the software you must be at the same user level as the
original installer.
• It is a good practice to create a backup of the existing product before
installation begins. Do not simply rename files and leave them in the
same directory. Java reads all the files present, regardless of renaming,
and can pick up old code inadvertently, causing undesirable results.
• For backup, patch install, and uninstall, we recommend that you log in to
the target machine with a specific account name via telnet or SSH. If you
switch accounts after logging in, then specify the flag "-" for the su
command (su - <UserName>).
Device Vulnerability Updates
8. Installing ArcSight Express 4.0 Patch 1
8 Release Notes ArcSight Express 4.0 Patch 1 Confidential
ArcSight Express Main Component Suite
This section describes how to install or uninstall the ArcSight Express 4.0 Patch 1 for all the
main components except the ArcSight Console. These components include the Manager,
ArcSight Web, ArcSight Management Center, Connector Appliance, and the CORR-Engine.
To Install the Patch
1 Stop the ArcSight services as user arcsight.
/sbin/service arcsight_services stop all
2 Back up the ArcSight directory, /opt/arcsight, by making a copy. Place the copy in
a readily accessible location. This is just a precautionary measure so you can restore
the original state, if necessary.
3 Download the patch into /home/arcsight from the HP Software Support Online site
(http://softwaresupport.hp.com):
ArcSightExpressSuitePatch-XXXX.tar
where XXXX represents the suite build number.
Ensure that the patch installer is downloaded into /home/arcsight. The installation
will not launch properly if the installer is downloaded to any other location. Be sure to
verify the patch file; see “Verify AE 4.0 Patch 1 Files” on page 7.
4 Run the following command to extract the patch installer from the tar file as user
arcsight:
tar -xvf ArcSightExpressSuitePatch-XXXX.tar
5 To install, run one of the following commands as user arcsight from the shell prompt
and then follow the instructions presented on the shell.
To install in the GUI mode run:
./ArcsightExpressSuitePatch.bin
To install in the Console mode run:
./ArcsightExpressSuitePatch.bin -i console
6 Read through the license agreement and accept it at the end. In GUI mode, the
acceptance radio button is disabled until you scroll to the bottom of the agreement. In
the console mode, press Enter until you have paged through to the end of the license
agreement.
7 Check the pre-installation summary for accuracy. Click Install.
• Before you install the patch, verify that <ARCSIGHT_HOME> and any of
its subdirectories are not being accessed by open shells on your system.
• If for any reason you need to re-install the patch, run the patch
uninstaller before installing the patch again.
ArcSight recommends that you do not simply rename files and leave them in
the same directory. Java reads all the files present, regardless of renaming,
and can pick up old code inadvertently, causing undesirable results.
9. Installing ArcSight Express 4.0 Patch 1
Confidential Release Notes ArcSight Express 4.0 Patch 1 9
8 Click Next on the File Delivery Complete screen to install the Manager, and ArcSight
Web components.
9 Read carefully the instructions on the Install Complete screen and click Done.
10 Start the ArcSight services as user arcsight:
/sbin/service arcsight_services start all
11 Change directory as user root and update timezone data:
cd /home/arcsight/tzupdater/
./tzupdater.sh
12 Run the following command as user root:
cp /opt/arcsight/services/init/arcsight-services-cleanall.conf
/etc/init
Answer y when prompted whether to overwrite the file.
To Uninstall the Patch
If needed, use the procedure below to roll back this patch installation and restore the
system to the pre-patched state.
1 Stop the ArcSight services as user arcsight.
/sbin/service arcsight_services stop all
2 Run the uninstaller program from either the directory where you created the link while
installing the product or, if you had opted not to create a link, then run this from the
/opt/arcsight/UninstallerData_4.0.0.1 directory:
./Uninstall_ArcSightExpressSuitePatch
Alternatively, you can run the following command from the /home/arcsight (or
wherever you installed the shortcut link) directory:
./Uninstall_ArcSightExpressSuitePatch
Or, to uninstall using Console mode, run:
./Uninstall_ArcSightExpressSuitePatch -i console
Run the uninstaller in the same mode (GUI or Console) in which you ran the installer.
Check ArcSight services status and make sure that mysqld process is running
before running the tzupdater.sh script in the next step:
/sbin/service arcsight_services status mysqld
Before you begin to uninstall, verify that the Manager’s <ARCSIGHT_HOME>
and any of its subdirectories are not being accessed by any open shells on
your system.
The uninstaller will prompt you to stop services if services are running.
10. Installing ArcSight Express 4.0 Patch 1
10 Release Notes ArcSight Express 4.0 Patch 1 Confidential
3 Read carefully the instructions on the Uninstall Complete screen and click Done.
4 Navigate to /opt/arcsight/services/init and do the following:
Rename arcsight-services-cleanall.conf.pre4.0.0.1 to
arcsight-services-cleanall.conf
mv arcsight-services-cleanall.conf.pre4.0.0.1
arcsight-services-cleanall.conf
Rename arcsight-monit.conf.pre4.0.0.1 to arcsight-monit.conf
mv arcsight-monit.conf.pre4.0.0.1 arcsight-monit.conf
5 Restart services by running the following command as user root or as user arcsight:
/sbin/service arcsight_services start all
6 Change directory as user root and rollback timezone data:
cd /home/arcsight/tzupdater/
./tzupdater.sh uninstall
7 Run the following command as user root:
cp /opt/arcsight/services/init/arcsight-services-cleanall.conf
/etc/init
Answer y when prompted whether to overwrite the file.
ArcSight Console
This section describes how to install or uninstall the ArcSight Express 4.0 Patch 1 for
ArcSight Console on Windows, Mac, and Linux platforms.
To Install the Patch
1 Exit the ArcSight Console.
Check ArcSight services status and make sure that mysqld process is running
before running the above script.
The ArcSight ESM Console is not supported on AIX or Solaris. The following
steps do not include information for installing a Console patch on those
platforms.
• Before you install the patch, verify that the Console’s <ARCSIGHT_HOME>
directory and any of its subdirectories are not being accessed by any open
shells on your system.
• If you need to re-install the patch, run the patch uninstaller before
installing the patch again.
11. Installing ArcSight Express 4.0 Patch 1
Confidential Release Notes ArcSight Express 4.0 Patch 1 11
2 Back up the Console directory (for example, /home/arcsight/console/current)
by making a copy. Place the copy in a readily accessible location. This is a
precautionary measure so you can restore the original state, if necessary.
Download the executable file specific to your platform from the HP Software Support
Online site (http://softwaresupport.hp.com). YYYY.Y represents the Console build
number.
Patch-6.1.0.YYYY.Y-Console-Win.exe
Patch-6.1.0.YYYY.Y-Console-Linux.bin
Patch-6.1.0.YYYY.Y-Console-MacOSX.zip
For the Mac, see To Install the Patch on a Macintosh, below.
3 Run one of the following executables specific to your platform:
On Windows:
Double-click Patch-6.1.0.YYYY.Y-Console-Win.exe
On Linux:
Verify that you are logged in as user arcsight:, and then run the following
command:
./Patch-6.1.0.YYYY.Y-Console-Linux.bin
To install in Console mode, run the following command from the shell prompt and
then follow the instructions in the window:
./Patch-6.1.0.YYYY.Y-Console-Linux.bin -i console
The installer launches the Introduction window.
4 Read the instructions provided and click Next.
5 Accept the terms of the license agreement and click Next. The acceptance radio
button is disabled until you scroll to the bottom of the agreement.
6 Enter the location of your existing <ARCSIGHT_HOME> directory for your Console
installation in the text box provided or navigate to the location by clicking Choose…
If you want to restore the installer-provided default location, click Restore Default
Folder.
7 Click Next.
8 Choose a Link Location (on Linux) or Shortcut location (on Windows) by clicking the
appropriate radio button and click Next.
9 Check the pre-installation summary to verify that all the locations listed are correct and
that you have enough disk space to install this patch.
10 Click Install.
11 Click Done on the Install Complete screen.
Arcsight recommends that you do not simply rename files and leave
them in the same directory. Java reads all the files present, regardless of
renaming, and can pick up old code inadvertently, causing undesirable
results.
12. Installing ArcSight Express 4.0 Patch 1
12 Release Notes ArcSight Express 4.0 Patch 1 Confidential
To Install the Patch on a Macintosh
The patch installer download and run procedure is slightly different on the Macintosh than
on the other supported platforms.
1 Exit the ArcSight Console.
2 Back up the Console directory (for example, /home/arcsight/console/current)
by making a copy. Place the copy in a readily accessible location. This is just a
precautionary measure so you can restore the original state, if necessary.
3 Download the file Patch-6.1.0.YYYY.Y-Console-MacOSX.zip to anywhere on
your system.
4 Launch the patch installer by double-clicking the ArcSightConsolePatch file.
5 Follow the steps on the patch install wizard, providing the information as prompted:
Accept the terms of the license agreement and click Next. The acceptance radio
button is disabled until you scroll to the bottom of the agreement.
Choose the location where you want to install the patch. Browse to
<ARCSIGHT_HOME>, where your previous Console was installed.
Choose an alias location for the Console application (or opt to not use aliases).
This is the same as a link location on UNIX systems or shortcut location on
Windows systems.
6 Click Next.
7 Verify your settings and click Install.
To Uninstall the Patch
If needed, use the procedure below to roll back this patch installation.
1 Exit the ArcSight Console.
2 Run the uninstaller program:
On Windows:
Double-click the icon you created for the uninstaller when installing the Console.
For example, if you created an uninstaller icon on your desktop, double-click that
icon.
If you created a link in the Start menu, click:
Start > All Programs > ArcSight Express Console 4.0 Patch 1> Uninstall
ArcSight Express Console 4.0 Patch 1
The patch installer file shows as a ZIP file on the download site, but
downloads as ArcSightConsolePatch.app on the Mac. A single or
double-click on this APP file launches the patch installer, depending on
how you have set these options. There is no need to “extract” or “unzip”
the file; it downloads as an APP file.
Before you begin to uninstall, verify that the Console’s <ARCSIGHT_HOME> and
any of its subdirectories are not being accessed by any open shells on your
system.
13. Issues Fixed in this Patch
Confidential Release Notes ArcSight Express 4.0 Patch 1 13
Or, run the following from the Console’s
<ARCSIGHT_HOME>currentUninstallerData_6.1.0.1 directory:
Uninstall_ArcSight_Console_Patch
On Linux:
From the directory where you created the link when installing the Console (your
home directory or some other location), run:
./Uninstall_ArcSight_Console_4.0.0.1
Or, to uninstall using Console mode, run:
./Uninstall_ArcSight_Console_4.0.0.1 -i console
If you did not create a link, execute the command from the Console’s
<ARCSIGHT_HOME>/current/UninstallerData6.1.0.1 directory:
./Uninstall_ArcSight_Console_Patch
On a Mac:
From the directory where you created the link when installing the Console, run:
Uninstall_ArcSight_Console_4.0.0.1
From the Console’s
<ARCSIGHT_HOME>/current/UninstallerData_6.1.0.1 directory, run:
Uninstall_ArcSight_Console_Patch
3 Click Done on the Uninstall Complete screen.
Issues Fixed in this Patch
The following issues are fixed in this patch.
Analytics
Issue Description
NGS-8876 In a Query, the GetHour variable returned the hour translated from local time to
GMT. For example, if your local time is 20:31:47, the GetHour variable might
return 3, instead of 20, as expected.
This is now fixed.
NGS-8875 The Day function now converts timestamp data correctly. For the event count
history, the Event Count Last 7 Days query viewer now shows the correct data.
14. Issues Fixed in this Patch
14 Release Notes ArcSight Express 4.0 Patch 1 Confidential
ArcSight Console
ArcSight Database
ArcSight Manager
Issue Description
NGS-9520 If a customer opened a Query Viewer, adjusted the column widths, and then
clicked Refresh, the column widths would return to default size. We have
improved this functionality so that the column widths remain as changed until the
ArcSight Console session is closed. (When you log in again the defaults are
restored.)
Note that if you click Refresh repeatedly and rapidly enough, the Query Viewer
columns will return to the default widths.
NGS-9298 Queries used in the report or query viewer or channel have a performance issue
when there is a large amount of event annotation data. This fix resolves this issue
by optimizing the query time dynamically. Enable the
event.annotation.optimization.enabled property in the server.properties file.
When this property is true, it uses the new optimization feature. Otherwise, it
behaves as usual. You are only affected by this change if you need the
optimization, in which case, set the property to true.
Note: This fix is certified in a stand-alone deployment only. Other limitations
apply. Contact HP Technical Support with any concerns.
NGS-8180 When used in reports, the Get Hour function was yielding the wrong value.
This is now fixed.
NGS-3123 Active channel loaded slowly when a request URL file name was used in the active
channel filter.
This issue is now fixed.
Issue Description
NGS-8874 The Instance of MySQL was getting into an inconsistent state during shutdown,
which could lead to data corruption.
Improvements have been made to the shutdown script to fix this issue.
NGS-5063 Under certain loads, an unstable condition could on occasion arise that leads to a
Signal 11 occurrence. This patch provides a significant improvement to reduce the
likelihood of a Signal 11 condition.
Issue Description
NGS-8301 Event aggregation set for a number of matches within a time frame would also
include matches outside that time frame,
Now only matches within the specified time frame are aggregated.
15. Open Issues in this Patch
Confidential Release Notes ArcSight Express 4.0 Patch 1 15
Installation and Upgrade
Open Issues in this Patch
This release contains the following open issues. Use the workarounds, where available.
Installation and Upgrade
Issue Description
NGS-10616 If you start the ArcSight Express 4.0 Patch1 CORRE installation wizard, then
navigate back and forward using the Previous and Next buttons (for example, to
reset configuration options on previous screens), but then exit from the wizard
without actually installing, the base component fails to launch. The same launch
failure occurs if you cancel the installation at any point. This is because the
preparatory step of backing up the files has already occurred. If you encounter
this situation, the workaround is to restore the functionality of the base Console
by running the following commands to restore the backup files:
On Linux:
Login as user arcsight
cd /home/arcsight;
mkdir /home/arcsight/rollback;
cd /home/arcsight/rollback;
unzip ../ preinstall_rollback.zip;
chmod +x install_rollback.sh;
./install_rollback.sh;
Start the services: /sbin/service arcsight_services start
Please contact customer support for further details.
NGS-10929 This Patch release provides the POODLE SSL fix.
The POODLE attack (which stands for "Padding Oracle On Downgraded Legacy
Encryption") is a man-in-the-middle exploit that takes advantage of Internet and
security software clients' fallback to SSL 3.0. See
http://en.wikipedia.org/wiki/POODLE for details.
When establishing SSL connection in Java, applications start from protocol
negotiation (SSL, TLS, TLSv1, etc.). The POODLE SSL fix ensures that no instance
of ESM or ArcSight Web will accept connections of SSLv3 type; the protocol should
be one of TLS protocols. The corresponding changes were made to the ArcSight
Console, which is one of the ESM clients. No additional changes are required for
the ArcSight Console. To access ArcSight Command Center the web-browser
should allow the use of TLSvx protocols, which is the default setting for all web
browsers.
Issue Description
NGS-11260 In some instances, you might be unable to uninstall the ArcSight Express 4.0
Patch 1 console from your Mac OS workstations.
In this case, to remove ArcSight Express 4.0 Patch 1, delete the current
installation folder of ArcSight Express 4.0.
16. Open Issues in this Patch
16 Release Notes ArcSight Express 4.0 Patch 1 Confidential
Connectors
NGS-11760 Attempting to stop services by running /sbin/services arcsight_services stop as
the user arcsight can result in a syntax error.
Workaround:
Run /sbin/services arcsight_services stop as the user root.
NGS-11761 Attempting to stop services by running /sbin/service arcsight_services stop when
all services are already down causes the command to take over 10 minutes to
terminate, and to then indicate it failed.
Workaround:
Run /sbin/services arcsight_services status to check status before running
/sbin/service arcsight_services stop. If all services are already unavailable, there
is no reason to run the /sbin/service arcsight_services stop command.
Issue Description
NGS-11154 If the you are running out of the box connectors, then you must use the latest
version certified with the POODLE fix.
Issue Description
17. Open and Closed Issues in ArcSight Express
Confidential Release Notes ArcSight Express 4.0 Patch 1 17
Open and Closed Issues in ArcSight Express 4.0
For information about open and closed issues for ArcSight Express 4.0 see the release
notes for that version.
18. Open and Closed Issues in ArcSight Express 4.0
18 Release Notes ArcSight Express 4.0 Patch 1 Confidential