L1-Threat Intelligence – Indicators and Warnings

181214

Micro Focus Micro Focus Community

Micro Focus | Micro Focus Community

This package populates, displays, and monitors the Threat Model, which is used to detect and contextualize potential malicious activity based on intelligence derived from a site-specific mix of threat intelligence sources.

0 reviews

2,084 downloads

See previous releases

Product compatibility

ESM

CATEGORY

ArcSight | Activate L1 Indicators and Warnings

Screenshots
Description
Requirements
Suggested apps
Releases
Resources
Reviews

Have questions about this item?

Contact us
Subscribe to receive update notifications for this item
Subscribe

Description

**The latest version 1.3 is now updated to use campaign information from STIX/TAXII server.**

**This package is now updated to use an open-source STIX/TAXII server as a source to collect and normalize threat data.**

This package populates, displays, and monitors the Threat Model, which is used to detect and contextualize potential malicious activity based on intelligence derived from a site-specific mix of threat intelligence sources. This package uses the open-source Collective Intelligence Framework (CIF) to collect and normalize threat data from open source, proprietary, and internal sources.

User cases supported by this package include:

Populate Threat Model from a variety of heterogeneous intelligence feeds
Enrich events with Threat Model data
Display and report upon Threat Model activity

**NEW** Please note, this update does not require a new download of the L1 Threat Intelligence package. Please follow the instructions to update the solution for STIX/TAXII here: https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/L1ThreatIntelligence#a_41_STIX_47TAXII

This version is able to collect:

HIDDEN COBRA data feeds - https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/HiddenCobraThreat
Ransomware data feeds - https://ransomwaretracker.abuse.ch/feeds/csv

For more detail, please visit https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/L1ThreatIntelligence

Minimum Requirements

• Active Base - Version 2.4.0.0 and later.

Suggested apps

Micro Focus COMMUNITY

Firewall Monitoring

Micro Focus

The Firewall Monitoring use case has been updated. Firewall Monitoring 1.2 provides improved content and performance, as well as additional resources

Micro Focus COMMUNITY

Activate P-Blue Coat Proxy

Micro Focus

Product package covering proxy traffic events from Blue Coat.

Micro Focus COMMUNITY

Brute Force Attack

Micro Focus

The Brute Force Attack use case uncovers and tracks, in real-time, attempts and confirmed attacks using a brute force technique on network assets and applications.

Sysmon Framework

SOC Prime

Sysmon Framework is a set of rules and dashboards for the visualization of multiple security checks on Sysmon’s events on Windows hosts.

Microsoft Sysmon FlexConnector

Kevin Q

FlexConnector for the extraction and categorization of the “Microsoft-Windows-Sysmon/Operational” Windows Event Log using Microfocus ArcSight Windows Native SmartConnector Updated for Sysmon V 10.x

SolarWinds SUNBURST Detection

Yun Peng

This package detects SolarWinds SUNBURST attacks.

Micro Focus COMMUNITY

RSA ACE SNMP Trap Parser Override

Micro Focus

Puts the Sending Agent into the Device Address field.

Micro Focus COMMUNITY

Activate Base

Micro Focus

ArcSight Activate is a modular content development method designed to quickly deploy actionable use cases. The framework will unify our development methodology, allowing us to create portable content packages.

Micro Focus COMMUNITY

IDS IPS Monitoring Package

Micro Focus

The IDS - IPS Monitoring use case provides an overview of the activity identified by the Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) on your network

Releases

Release

Size

Date

L1-Threat Intelligence 1.4.0.0

76.2 KB

|

Nov 18, 2019

More info Less info

Product compatibility

ESM

Version 7.4 · 7.3 · 7.2 · 7.0

Version 6.8 · 6.9.1 · 6.11.0

Release notes

Fix bugs related to suspicious file hash use case.

Languages

English

Files

(76.2 KB)

L1-Threat Intelligence 1.3.0.0

62.0 KB

|

May 23, 2018

More info Less info

Product compatibility

ESM

Version 7.4 · 7.3 · 7.2 · 7.0

Version 6.8 · 6.9.1 · 6.11.0

Release notes

Ability to collect campaign information from STIX/TAXII and use it in content.

Languages

English

Files

(62.0 KB)

L1-Threat Intelligence 1.2.0.0

66.4 KB

|

Sep 1, 2017

More info Less info

Product compatibility

ESM

Version 7.4 · 7.3 · 7.2 · 7.0

Version 6.8 · 6.9.1 · 6.11.0

Release notes

Added file hash use case to this package.

Languages

English

Files

(66.4 KB)

L1-Threat Intelligence 1.1.0.0

61.9 KB

|

Nov 16, 2016

More info Less info

Product compatibility

ESM

Version 7.4 · 7.3 · 7.2 · 7.0

Version 6.8 · 6.11.0

Release notes

Ability to collect Ransomware data feeds (https://ransomwaretracker.abuse.ch/feeds/csv)

Languages

English

Files

(61.9 KB)

L1-Threat Intelligence 1.0.0.0

56.7 KB

|

Sep 8, 2016

More info Less info

Product compatibility

ESM

Version 7.4 · 7.3 · 7.2 · 7.0

Version 6.8 · 6.11.0

Release notes

Beta version of L1 Activate Threat Intel package

Languages

English

Files

(56.7 KB)

Resources

Documentation

Activate License

Activate Framework

Discussion Forum

Activate Framework Installation and Configuration

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2021-4-1-3979 | Wed Apr 7 06:55:03 PDT 2021