Micro Focus recommends the tested platforms listed below. However, customers running on any platforms not provided in this list or with untested configurations will be supported until the point Micro Focus determines that the root cause is the untested platform or configuration. Issues that can be reproduced on the tested platforms will be prioritized and fixed according to standard defect-handling policies. For more information about support polices, see Support Policies.
Component Name |
Platforms |
---|---|
Change Guardian Server |
|
Change Guardian Policy Editor |
|
Change Guardian Agent for Windows |
|
Security Agent for UNIX |
See the Security Agent for UNIX System Requirements page. |
IMPORTANT:
FIPS mode is supported only for Change Guardian. Change Guardian is not supported if the operating system is in FIPS mode.
Change Guardian is not certified on Open Enterprise Server installations of SLES.
Application Name |
Versions |
---|---|
Microsoft Windows |
|
Microsoft Active Directory and Group Policy |
|
Microsoft Exchange |
|
Dell EMC |
|
NetApp Storage System |
Data ONTAP 9.1 |
Component Name |
Versions |
---|---|
Secure Configuration Manager |
7.2 |
Sentinel Enterprise |
8.2.3 |
ArcSight Enterprise Security Manager |
6.7.1 |
Splunk Enterprise Security |
7.3.2 |
Directory Resource Administrator |
9.2.1 |
Component Name |
Browsers |
---|---|
Change Guardian Web Console |
Latest version of the following:
NOTE:Although not officially certified, other modern browsers are known to work reasonably well with the Change Guardian web interface. |
Component Name |
Softwares |
---|---|
Change Guardian Policy Editor |
|
NOTE:
|
Component |
Hardware |
---|---|
Change Guardian Server (includes CG AM) |
CPU:8 Cores RAM: 24 GB Free Hard Disk Space Available: 50 GB |
Category |
250 Monitored Assets |
1000 Monitored Assets |
1000+ Monitored Assets |
---|---|---|---|
Total System Capacity |
|||
EPS Capability |
200 EPS |
500 EPS |
500+ EPS |
Alerts per Minute |
10 APM |
10 APM |
10+ APM |
Change Guardian Server Hardware |
|||
CPU |
Two Intel Xeon 3-GHz (4 core) E5450 CPUs (8 cores total), without Intel HT Technology |
Two Intel Xeon 3-GHz (8 core) E5450 CPUs (16 cores total), without Intel HT Technology |
Contact Micro Focus Services |
Primary Storage: Primary indexed event data optimized for fast retrieval. |
500 GB 7.2k RPM drive |
4 x 300 GB SAS 15k RPM (Hardware RAID 10) |
|
Memory |
24 GB |
32 GB |
|
Data Collection |
|||
Change Guardian Policies Used |
|
Set 01:
Set 02:
|
Contact Micro Focus Services |
Total |
|
|
|
Change Guardian NetApp Module |
3000 EPS NetApp Events with 1 Security Agent for UNIX. NOTE:You must install Security Agent for UNIX on a supported RHEL or SLES Linux platform to monitor NetApp. |
||
Data Storage |
|||
How far into the past will users search for data on a regular basis? Amount of locally cached data for higher search performance. |
7 days |
Contact Micro Focus Services |
|
What percentage of searches will be over data older than the number of days above? Impacts the amount of input/output operations per second (IOPS) for local storage. |
|
10% |
|
How far into the past must data be retained? Impacts how much disk space is required to retain all the data. If secondary storage is enabled, this impacts the size of secondary storage. Otherwise, it impacts the size of primary storage. |
|
14 days |
|
User Activity |
|||
How many users will be active at the same time, on average? Impacts the amount of IOPS for primary and secondary storage and other items. |
|
1 |
Contact Micro Focus Services |
How many searches will an active user be performing at the same time, on average? Impacts the amount of IOPS for primary and secondary storage. |
1 1M events per search |
1 1M events per search |
|
How many real-time alert views will be running at the same time, on average? |
3 (whenever) |
||
How many alert dashboards will be running at the same time, on average? |
1 (7 days) |
|
|
How many Threat Response dashboards will be running at the same time, on average? |
3 |
||
How many alert widgets per dashboard will be running at the same time, on average? |
2 (whenever) |
IMPORTANT:Agent Manager has the capability to install or upgrade agents with a maximum of 150 assets in a batch.
The Chart view might take about 25 seconds to load events up to 500,000, while the Grid view might load in five seconds with a similar number of event. Any operation, such as grouping and sorting, with events upto 500,000 events on the Grid view might take about 40 seconds to process and display.
If there are around 500,000 to 1,000,000 events, the Chart view loads in a minute, and the Grid view loads in half a minute. Any operation on the Grid view with around 50,00,00 and 10,00,000 events might take one and a half minute to process and display.
Similarly, if there are 1,000,000 to 1,500,000 events, the Chart view takes about a minute and a half to load, the Grid view takes about half a minute to load, and operations on the Grid view takes about two minutes to process and display.
Following are observations about the events generated per second from Change Guardian Agent for Windows and Security Agent for UNIX:
The EPS count might vary with an increase in time interval and increase in the number of events generated in one burst.
EPS count depends upon the number of files present in the folder if the folder is monitored for file integrity.
EPS count might vary with the hardware configuration of the agent machine.
EPS count might vary when the agent is monitoring a combination of assets, such as Microsoft Windows and Active Directory, or Active Directory and Group Policy, or Active Directory and file integrity.
For information about Micro Focus legal notices, see https://www.microfocus.com/about/legal/
Copyright © 2019 Micro Focus or one of its affiliates.