You are here: Foswiki>ArcSightActivate Web>Packages>ActivateBase (21 Aug 2018, EstebanHerrera)EditAttach

Activate Base

Activate Base provides resources (such as filters, global variables or active lists) used by all other packages.

Activate Base Functionality

There are a lot of resources available for use in this package. This section describes the use of and reasoning behind these resources.

Active Lists

Administrative

This group of lists tracks the usage of the Suppression Lists and supports the Workflow Metrics method.

Common

This group of lists has resources that support multiple packages. Most of these are pre-populated active lists that provide information needed by other packages.

Product Active Lists

This is where active lists for product packages belong.

Resource Tracking

Due to some unfortunate limitations in ArcSight ESM, it is not possible to convert a string to a resource reference. Many lists store resource references for various resources, such as Customer, Zones, and Assets resources. Some content uses algorithms involving the TTLs of the lists and process the information in the audit events where the entry data for a list is represented in a string (Device Custom String4, etc., for active list audit events). The need to put the information back on the list it dropped off of, or onto another list, requires that the resource reference string be converted back to a resource reference. Since we don't have that function available, the workaround is to collect the resource references in these lists. Lightweight rules are also provided to collect the information from you network(s), and global variable fields are provided to extract the resource references.

Suppression Lists

These lists support the Suppression System method.

System Black Lists

These lists support the Suppression System method.

Download Instructions

The latest package can be downloaded from the ArcSight Marketplace, under Activate Base.

Package Installation

Introduction

The ArcSight ESM Package Framework has a lot of features that allow the Activate Framework content to be upgraded outside of an ESM upgrade. Unfortunately, making use of these features requires a command line interface, i.e., they are not supported by the UI.

The latest updated ArcSight Activate packages are bundled in zip files. An Activate zip file contains the latest version of a given Activate bundle (Activate_Base_2.4.0.0.arb, for example), and a Microsoft BAT file (ActivateBaseInstallAndUpdate2400.bat, for example), which is a script that contains the commands necessary to properly install or update an Activate content installation. There are plans to provide a Linux (bash) script in the near future.

Running the script will result in the system asking for three pieces of information: the name of the manager, a user account name with administration privileges, and the password for that account. Please note that the password entry will not be masked, so be prepared to take whatever precautions are needed to protect the account's password.

You will have to run this script as per the instruction provided.


The installer script will automatically manipulate files, allowing you to keep your customizations, while we push updates up to standard resources. If the packages in the bundle are installed via the console, we will overwrite your configuration and you will have to uninstall and reinstall the this particular package.

Base Package Installation Procedure


1. Download and extract Activate Base into your ArcSight console's home directory. InstallBase01.png
2. Open a command prompt and navigate to ARCSIGHT_HOME (where your console is installed). InstallBase02.png
3. Execute the ActivateBaseInstallAndUpdate<version>.bat file to install the update. InstallBase03.png

4. You will be prompted to enter the manager hostname, username and password. The password is displayed in cleartext, please be aware of your environment.

InstallBase04.png
5. There will be additional manual instructions for things you should do to clean up the installation. InstallBase05.png

6. After the update, your packages in ArcSight ESM will look like the screenshot to the right.

The Activate Base Update <verson> package is uninstalled. You can safely delete it.

If you run into any issues, the errors will be displayed in the command prompt window.

InstallBase06.png

7. You can now delete the files from ARCSIGHT_HOME

  • Activate_Base_<version>.arb
  • Activate_Base_Updated_<version>.arb
  • ActivateBaseInstallAndUpdate<version>.bat
  • Read Me - Activate Base <version> - DO NOT IMPORT VIA CONSOLE.txt

InstallBase07.png

Resources

The link below contains a table of all resources included in this package: -- GeorgeBoitano - 26 Jan 2016
Topic attachments
I Attachment Action Size Date Who Comment
InstallBase01.pngpng InstallBase01.png manage 69.7 K 06 Sep 2016 - 20:57 PrenticeHayes  
InstallBase02.pngpng InstallBase02.png manage 38.4 K 06 Sep 2016 - 20:52 PrenticeHayes  
InstallBase03.pngpng InstallBase03.png manage 30.6 K 06 Sep 2016 - 21:00 PrenticeHayes  
InstallBase04.pngpng InstallBase04.png manage 39.0 K 06 Sep 2016 - 21:02 PrenticeHayes  
InstallBase05.pngpng InstallBase05.png manage 40.7 K 06 Sep 2016 - 21:06 PrenticeHayes  
InstallBase06.pngpng InstallBase06.png manage 24.0 K 06 Sep 2016 - 21:09 PrenticeHayes  
InstallBase07.pngpng InstallBase07.png manage 65.6 K 06 Sep 2016 - 21:11 PrenticeHayes  
Topic revision: r4 - 21 Aug 2018, EstebanHerrera


 


Activate Wiki 2.1.0.0

This site is powered by FoswikiCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback