CyCraft CyberTotal


CyCraft Community


CyCraft secures the Fortune 500 via MDR, IR, & TI. Our threat intel service, CyberTotal, merges 20+ major sources, open source & proprietary intel. With this simple integration you can rapidly hunt threats & validate/enrich your artifacts/indicators.
31 downloads

Description

CyberTotal is a cloud-based threat intelligence service developed by CyCraft, which cohesively integrates multiple and varied CTI sources, open source intel, and proprietary threat intel to provide best-in-class threat intelligence. CyCraft’s Cyber Intel team has long tracked the most sophisticated forms of intrusion and provides historical and up-to-date information on APT groups.

CyberTotal helps companies quickly identify and triage threats as well as verify security alerts through automated correlation analysis and knowledge base optimization. This integration enables large volumes of received artifacts to be enriched rapidly and concisely with contextual threat information, improving the efficiency and accuracy of your security operations. Indicators are prioritized so that security experts can quickly focus on the most important and urgent alerts, thereby saving human capital and increasing productivity.

The two main use cases supported by the CyberTotal integration are:

Use Case 1: Alert Validation

On average, security teams review several thousand alerts each day. By employing the CyberTotal platform, intelligence can be more accurately analyzed and prioritized. The enrichment of the indicators produces contextual threat information such as reputation, severity, confidence, threat score, OSINT, whois, passive DNS, component analysis, vulnerability evaluation, and more. With additional reputation and storyline data describing the indicator, security experts can quickly eliminate false alarms and decide if further investigation is needed. Users can also click the CyberTotal URL link to view the indicator’s full report.

Use Case 2: Threat Hunting

CyberTotal automatically aggregates multiple cyber threat intelligence sources from around the world. This enriched threat intelligence data includes severity levels, confidence levels, and threat scores with grading, correlation, and aggregation scores, thus enabling security personnel to more accurately classify and handle each alert. If enterprise firewall or proxy logs are collected in ArcSight, CyberTotal can help inspect each target IP, domain, and URL and pinpoint the high-risk artifacts. Correlation reports, such as high-risk endpoints and indicators, can be highlighted in either the dashboard or daily/weekly statistical reports to speed up the SecOps workflow.

Minimum Requirements

ArcSight ESM 7.0.0.2436.1 or higher

ArcSight SmartConnector 7.14 installed on CentOS version 7 Linux server

Network access to CyberTotal (https://cybertotal.cycraft.com).



Releases

Release: CyberTotal 1.5
Size: 33.3 MB
Date: Jan 20, 2020
Product compatibility: Version 7.12.0
Release notes
  • Date: 2020-20-01
  • Features:
    • Installation guide (pdf)
    • CyberTotal ArcSight ESM ARB package
      • Rules: Query indicators on CyberTotal by executing commands on the SmartConnector.
      • Dashboard: Show real-time status of queries, sources and results.
      • Report: The daily report includes statistics on indicators' enriched results and can be mailed to the email account given in settings.
    • ASHelper
      • Installation files are the rpm package and the install script.
      • Provides the ability to connect to CyberTotal and forward CyberTotal CEF logs to ArcSight ESM.
Languages
English
