Configuring Transformation Hub Access - Non-FIPS Mode

This section describes how to configure ESM to access Transformation Hub when FIPS mode is not enabled.

To configure ESM access to Transformation Hub in non-FIPS mode:

  1. As user arcsight, stop the ArcSight Manager:

    /etc/init.d/arcsight_services stop manager

  2. As user arcsight , from the /opt/arcsight/manager/bin directory, run the following command to start the managersetup wizard:

    ./arcsight managersetup -i console

    Advance through the wizard until you reach the Transformation Hub screen.

  3. Provide the following information:

    1. Specify the host name or IP address and port information for the nodes in Transformation Hub. Include the host and port information for all nodes and not just the master node. Use a comma-separated list (for example: <host>:<port>,<host>:<port>).

      Note: You must specify the host name and not the IP address.

      Transformation Hub can only accept IPv4 connections from ESM.

      If the Kafka cluster is configured to use SASL/PLAIN authentication, ensure that you specify the port configured in the cluster for the SASL_SSL listener.

    2. Specify the topics in Transformation Hub from which you want to read. These topics determine the data source.

      For more information, see the Administrator's Guide for the ArcSight Platform.

      Note: You can specify up to 25 topics using a comma-separated list (for example: topic1,topic2).

    3. Import the Transformation Hub root certificate to ESM's client truststore.

      Transformation Hub maintains its own certificate authority (CA) to issue certificates for individual nodes in the Transformation Hub cluster. ESM needs that CA certificate in its truststore so that it will trust connections to Transformation Hub. For information about obtaining the certificate, see the information about viewing and changing the certificate authority in the Administrator's Guide for the ArcSight Platform. You might need to contact the Transformation Hub administrator to obtain the CA certificate if you do not have sufficient privileges to access the Transformation Hub cluster.

      Copy the Transformation Hub root certificate from /opt/arcsight/kubernetes/scripts/cdf-updateRE.sh > /tmp/ca.crt on the Transformation Hub server to a local folder on the ESM server. After you provide the path to the certificate, the wizard imports the Transformation Hub root certificate into ESM's client truststore.

    4. If the Kafka cluster is not configured to use SASL/PLAIN authentication, leave the authentication type as None. If the Kafka cluster is configured to use SASL/PLAIN authentication, select SASL/PLAIN as the authentication type.

    5. If you selected SASL/PLAIN as the client authentication type, specify the user name and password for authenticating to Kafka.

    The wizard validates the connection to Transformation Hub. If there are any issues, you will receive an error or warning message. If the wizard does not generate error or warning messages and you are able to advance to the next screen, the connection is valid.

  4. Advance through the wizard and complete the configuration.

    For more information about managersetup, see the ESM Administrator's Guide.

  5. As user arcsight, restart the ArcSight Manager:

    /etc/init.d/arcsight_services start all

  6. To verify that the connection to Transformation Hub is working, look for the line Transformation Hub service is initialized in server.std.log.