Enabling Integration with AWS Transformation Hub

For proper integration with AWS Transformation Hub, after you set up your AWS deployment architecture, you must complete the applicable procedure for the ArcSight product (SmartConnectors, Logger, or ESM) you are integrating. You must complete the procedure before you can configure the product to consume events from or send events to Transformation Hub.

Completing Additional Procedures for SmartConnectors, Logger, or ESM

Obtain the cluster worker node (Kafka broker node) host names using one of the following procedures.

From the bastion host:

1. From the bastion host, run the following command:

# kubectl get nodes

2. Copy the node host names. You will need these names when configuring the product to produce events from or send events to Transformation Hub.

From AWS:

1. In the AWS user interface, go to your Auto Scaling Group.
2. To see the instance IDs, select the Instance Management tab.
3. To view the details of the corresponding instance, click the first instance ID.
4. Note the private DNS name for the instance.
5. Repeat Step 3 and Step 4 for each instance ID.
6. After determining these values, ensure that your SmartConnector, Logger, or ESM instance is added to the AWS Transformation Hub Cluster Security Group with rules allowing access to ports 32080 and 9093.

You can now configure the product to consume events from or, if the functionality is available, send events to Transformation Hub:

• Configuring Logger and SmartConnectors as a Transformation Hub Consumer

• Configuring ESM as a Transformation Hub Consumer

• Configuring ESM as a Transformation Hub Producer in Distributed Correlation Mode