Enabling Integration with Google Cloud Transformation Hub

For proper integration with Google Cloud Transformation Hub, after you set up your Google Cloud deployment architecture, you must perform the following additional procedures for the ArcSight product (ArcMC, SmartConnector, CTH, Logger, or ESM) you are integrating. You must complete the procedures before you can configure the product to consume events from or send events to Transformation Hub.

Getting the FQDN of the worker node

1. From the bastion host, run the following command:

   # kubectl get nodes

2. Copy the node hostnames.

The hostnames will be required when configuring the product to produce events from, or send events to Transformation Hub.

The FQDN and the hostnames belonging to the nodes will be needed when doing a multi-zone deployment, since Google Cloud uses a different internal DNS for each zone (for more information check Access VMs by internal DNS).

The FQDN of the virtual machine uses the following format:

<HOSTNAME>.<ZONE>.c.<PROJECT_ID>.internal

Where:

<HOSTNAME> is the hostname copied in step 2.

<ZONE> is the cluster zone

<PROJECT_ID> is your Google Cloud project ID, check the Google Cloudworksheet for the value.

You can now configure the product to consume events from or, if the functionality is available, send events to Transformation Hub:

• Configuring Logger and SmartConnectors as a Transformation Hub Consumer

• Configuring ESM as a Transformation Hub Consumer

• Configuring ESM as a Transformation Hub Producer in Distributed Correlation Mode

• Configuring ArcMC to Manage a Transformation Hub