Support via Micro Focus Software Support, with a ticket filed against the associated product.
Micro Focus offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by Micro Focus or the Micro Focus community.
Micro Focus Community Content is provided by Micro Focus for the benefit of customers. Support for it is not available via Micro Focus Software Support but through specific community content forums.
Community Contributed Content is provided by Micro Focus customers and supported by them.
CyberTotal is a cloud-based threat intelligence service developed by CyCraft, which cohesively integrates multiple and varied CTI sources, open source intel, and proprietary threat intel to provide best-in-class threat intelligence. CyCraft’s Cyber Intel team has long tracked the most sophisticated forms of intrusion and provides historical and up-to-date information on APT groups.
CyberTotal helps companies quickly identify and triage threats as well as verify security alerts through automated correlation analysis and knowledge base optimization. This integration enables large amounts of received artifacts to be rapidly and concisely enriched with contextual threat information to improve the efficiency and accuracy of your security operations. Indicators are prioritized so that security experts can quickly focus on the most important and urgent alerts, thereby saving human capital and increasing productivity.
The two main use cases supported by the CyberTotal integration are:
Use Case 1: Alert Validation
On average, security teams review several thousand alerts each day. By employing the CyberTotal platform, intelligence can be more accurately analyzed and prioritized. The enrichment of the indicators produces contextual threat information such as reputation, severity, confidence, threat score, OSINT, whois, passive DNS, component analysis, vulnerability evaluation, and more. With additional reputation and storyline data describing the indicator, security experts can quickly eliminate false alarms and decide if further investigation is needed. Users can also click the CyberTotal URL link to view the indicator’s full report.
Use Case 2: Threat Hunting
CyberTotal automatically aggregates multiple cyber threat intelligence sources from around the world. This enriched threat intelligence data includes severity levels, confidence levels, and threat scores with grading, correlation, and aggregation scores, thus enabling security personnel to more accurately classify and handle each alert. If enterprise firewall or proxy logs are collected in ArcSight, CyberTotal can help to inspect each target IP, domain, and URL and pinpoint the high-risk artifacts. Correlation reports, such as high-risk endpoints and indicators, can be highlighted in either the dashboard or daily/weekly statistical reports to speed up the security operations workflow.
ArcSight ESM 18.104.22.1686.1 or higher
ArcSight SmartConnector 7.14 installed on CentOS version 7 Linux server
Network access to CyberTotal (https://cybertotal.cycraft.com).