Checklist: Upgrading Your Environment

To ensure a successful on-premises upgrade, complete the following tasks in the listed order:

This release significantly changes the ArcSight Database such that you cannot upgrade the database. It must be installed as new. However, this release does allow you to deploy or upgrade Recon and Intelligence in your environment, as well as install either capability for the first time.

	Task	See
	Download the installation packages.	Downloading the Installation Packages for an On-Premises Deployment
	(Conditional) To deploy Intelligence or Recon, install the ArcSight Database.	Installing the Database
	(Conditional) To prevent both the original and newly installed databases from ingesting duplicate events, stop data ingestion on the original database.	Checklist: Stopping Event Ingestion
	Upgrade the CDF infrastructure.	Upgrading CDF
	(Conditional) If you have previously deployed SOAR and plan to upgrade, delete the old resource definitions.	Preparing for SOAR 3.2
	Upgrade the deployed capabilities.	Upgrading Deployed Capabilities
	Complete post-upgrade tasks.	Completing Post Upgrade Tasks
	Complete the post-upgrade procedure.	Restarting the Event Consumers
	For a manual upgrade or one using autoUpgrade, apply the hotfix to remediate the log4j vulnerability.	Applying the log4j Hotfix
	Apply security patches and latest updates to the deployed capabilities and the ArcSight Database.	Upgrading to 22.1.2
	Upgrade ESM.	Upgrading ESM