Understanding Related Components

The capabilities you deploy in the Platform depend on functions and applications installed in your environment. For example, Transformation Hub consumes data from a wide variety of collectors and connectors before passing that content to ESM and other products. Recon and Intelligence need the ArcSight Database to store their data.

Database
Data Sources
Enterprise Security Manager
SMTP Server

Database

The database stores all collected events and provides event searches and analysis capabilities. The database mode determines how data is stored at a low level.

You must select the mode for your database when you create it. Once created, you cannot change the database's mode or switch between the two. If you want to use a different mode, you must back up your data, create a new database using the new mode, and then reload your data.

You can create a database in either of two modes.

Enterprise Mode - Stores data in the file system of the nodes in the database. The database runs in its own cluster, usually on three or more nodes for high availability.
Eon Mode - Stores data in a communal repository. Individual nodes in an Eon Mode database retain cached copies of data, but the communal storage container is the persistent copy of the data in the database. Currently, Eon Mode is only available on Amazon Web Services. Click here for more information.

Data Sources

The deployed capabilities incorporate data from a variety of sources.

SmartConnectors collect events from supported data sources, normalize those events, and then send them to the Transformation Hub's Kafka cluster.
- When collecting data and sending it to Transformation Hub, the SmartConnector normalizes the values (such as severity, priority, and time zone) into the common format and normalizes the data structure into the common schema.
- Next, the connectors filter and aggregate events to reduce the volume of events sent to the system.
- You need to install and maintain connectors separately.
- You can subscribe to the data Transformation Hub manages.
Third-party collectors and connectors also provide data to the deployed capabilities.

Enterprise Security Manager

ArcSight Enterprise Security Manager (ESM) operates outside of the Platform CDF environment, but integrates with capabilities that operate within the Platform environment. For example, ESM shares SSO, event processing, and event search behavior with the Platform.

You can deploy the ESM Command Center capability to the Platform CDF environment to provide a more seamless user experience with other capabilities that integrate with the Platform Fusion capability, such as Intelligence and SOAR. When deployed in this manner, ESM Command Center integrates with ESM operating outside of the Platform CDF environment.

SMTP Server

The SMTP server allows the Platform to send notification messages to users.