Configuring the Deployed Capabilities

For guidance on configuring your deployment, see "System Performance Benchmarks for Sizing and Tuning" in the Technical Requirements for ArcSight Platform for your workload. It might specify additional settings beyond what is described below.

You are now ready to deploy and then configure your deployed capabilities. The Pre-Deployment Configuration page displays instructions to configure the products and capabilities chosen at the start of the installation process. This section explains the process of configuring deployed capabilities on a supported platform for both on-premises and cloud deployments.

 

Understanding the Parameters in the Example Config Files

The following parameters are mentioned in one or more of the example install config files.

Reviewing Settings that Must Be Configured During Deployment

This section describes configuration settings that must be set during deployment. Additional settings can be modified after deployment by logging in to the OMT Management Portal.

For more information on a setting, hover over the setting to display the setting tooltip, then set the values accordingly.

The following products require configuration settings to be set during deployment.

Transformation Hub

If you deployed Transformation Hub, in the Transformation Hub tab, ensure the following are set to the number of Kafka worker nodes in your deployment or what is specified in the Technical Requirements for ArcSight Platform for your workload.

On the Transformation Hub tab, configure the following security settings based on how you planned to secure communications as described in the Securing Communication Among Micro Focus Components section.

FIPS, Client Authentication, and Allow Plain Text connections to Kafka settings are available during installation and deployment only.

If you are deploying ESM, configure your Enrichment Stream Processor Group source Topic according to the scope for which you want to leverage ESM's event enrichment capability. For more information, refer to Enrichment Stream Processors.

Fusion

If you deployed Fusion, on the Fusion tab:

It is important to choose a range that does not overlap with the Generator ID Manager range configured in any other ArcMC instances in your organization, otherwise different events with duplicate Globally Unique Event IDs could be created.
The higher the number of searches, the more storage space will be consumed.

ArcSight Database

If you deployed the ArcSight Database and you configure SmartConnectors to use the CEF format when you send events to the Transformation Hub, in the Transformation Hub tab, ensure the # of CEF-to-Avro Stream Processor instances to start is set to at least 1 or what is specified in Technical Requirements for ArcSight Platform for your workload.

On the Database Configuration, ensure that you set these configuration settings for your environment:

The host list of the database node's IP, that is node1-IP, node2-IP,..., upto nodeN-IP.
Leave the Database Certificate(s) field empty.

Intelligence

If you deployed Intelligence, on the Intelligence tab, ensure you set these configuration settings for your environment:

Consider the following:
  • If the topic name specified for the Avro Event Topic field is not the default topic, then use Transformation Hub's Avro routing rules using ArcMC 2.96 or later to filter Avro events from the default topic. Create a routing rule with the source topic as mf-event-avro-enriched and destination topic as the topic name you have provided in the Avro Event Topic field. For more information, see Creating a Route.

  • For Analytics Configuration-Spark, set the values based on the data load. For information about the values for Spark, see System Hardware Sizing and Tuning Guidelines in the Technical Requirements for ArcSight Platform for your workload.

  • For the Data Identifiers to Identify Machine Users field, if you need to consider only human users for licensing, ensure that you provide appropriate values to identify and filter out the machine users from licensing. For more information, contact Micro Focus Customer Support.

If you are specifying details under the Hadoop File System (HDFS) Security section, consider the following:
  • If you are enabling Kerberos Authentication, then, before selecting kerberos in Enable Authentication with HDFS Cluster, ensure you configure the Kerberos Authentication. For more information, see Enabling and Configuring Kerberos Authentication.

  • The Kerberos details that you provide in Kerberos Domain Controller Server, Kerberos Domain Controller Admin Server, Kerberos Domain Controller Domain, and Default Kerberos Domain Controller Realm will be considered only if you select kerberos in Enable Authentication with HDFS Cluster. They are not valid if you select simple.