ESM Default Content

181214

Yun P Community

App Support Tiers

MICRO FOCUS SUPPORTED

Support via Micro Focus Software Support, with a ticket filed against the associated product.

PARTNER

Micro Focus offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by Micro Focus of the Micro Focus community.

MICRO FOCUS COMMUNITY

Micro Focus Community Content is provided by Micro Focus for the benefit of customers, support for it is not available via Micro Focus Software Support but through specific community content forums.

COMMUNITY

Community Contributed Content is provided by Micro Focus customers and supported by them.

Yun P | Community
ESM Default Content includes Security Threat Monitoring package and Threat Intelligence Platform package, It also includes resources for tracking Techniques from the MITRE ATT&CK framework.
182 downloads

Description

Threat Intelligence Platform

This package is designed to detect security threat based on intelligence data feed from open source Malware Information Sharing Platform (MISP). It also follows MITRE ATT&CK framework.

This package requires installation of MIC for MISP. For more information on MIC, please refer to the documentation at https://community.microfocus.com/t5/ESM-and-ESM-Express/Model-Import-Connector-for-MISP-Malware-Information-Sharing/ta-p/2752381

Following use cases are covered in this package:

  • Botnet Activity
  • Dangerous Browsing
  • Internal Asset Found in Reputation List
  • Phishing
  • Ransomware
  • Suspicious Activity
  • Suspicious DNS Query
  • Suspicious Email
  • Suspicious File Hash

Following MITRE ATT&CK Techniques are covered as well:

  • T1192-Spearphishing Link
  • T1219-Remote Access Tools
  • T1486-Data Encrypted for Impact

Security Threat Monitoring:

This package monitors security threats based on security log events from firewall, IDS/IPS, OS, Application, Scanner, Anti-Virus etc.

Following use cases are included in this package:

  • Application Monitoring
  • Entity Monitoring
  • Host Monitoring
  • Malware Monitoring
  • Network Monitoring
  • Perimeter Monitoring
  • Vulnerability Monitoring

Following MITRE ATT&CK Techniques are covered as well:

  • T1189-Drive-by Compromise
  • T1190-Exploit Public-Facing Application
  • T1098-Account Manipulation
  • T1136-Create Account
  • T1068-Exploitation for Privilege Escalation
  • T1089-Disabling Security Tools
  • T1110-Brute Force
  • T1075-Pass the Hash
  • T1210-Exploitation of Remote Services
  • T1483-Domain Generation Algorithms
  • T1489-Service Stop
  • T1498-Network Denial of Service


Minimum Requirements

ESM 6.9.1 and above


Threat Intelligence Platform package requires MIC for MISP

Releases

Release
Size
Date
Threat Intelligence Platform 1.0.0.0
90.1 KB
  |  
Dec 20, 2019
More info Less info
Product compatibility
ESM
Version 6.8 · 6.9.1 · 6.11.0
Version 7.0
Release notes

Threat Intelligence Platform is design to detect security threat based on intelligence data feed from open source Malware Information Sharing Platform (MISP). It also follows MITRE ATT&CK framework.Following use cases are based on MISP feed, which is imported by MIC connector:

  • Botnet Activity
  • Dangerous Browsing
  • Internal Asset Found in Reputation List
  • Phishing
  • Ransomware
  • Suspicious Activity
  • Suspicious DNS Query
  • Suspicious Email
  • Suspicious File Hash

Following MITRE ATT&CK Techniques are covered as well:

  • T1192-Spearphishing Link
  • T1219-Remote Access Tools
  • T1486-Data Encrypted for Impact
Languages
English
Security Threat Monitoring 1.0.0.0
118.7 KB
  |  
Nov 8, 2019
More info Less info
Product compatibility
ESM
Version 6.8 · 6.9.1 · 6.11.0
Version 7.0
Release notes

This first release, and use cases are listed in full description.

Languages
English

Resources

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.

Marketplace Terms of Service

In order to continue, you must accept the Marketplace Terms of Service
Since you are downloading an app from the Micro Focus unified Marketplace using an Access Manager account, you need to also accept the Micro Focus Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service" box below and click accept to continue your download.


Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2020-1-1-1995 | Wed Jan 8 02:29:21 PST 2020