L1-Threat Intelligence – Indicators and Warnings

181214

Micro Focus Micro Focus Community

Micro Focus | Micro Focus Community

This package populates, displays, and monitors the Threat Model, which is used to detect and contextualize potential malicious activity based on intelligence derived from a site-specific mix of threat intelligence sources.

0 reviews

2,144 downloads

See previous releases

Product compatibility

ESM

CATEGORY

ArcSight

Screenshots
Description
Requirements
Suggested apps
Releases
Resources
Reviews

Have questions about this item?

Contact us
Subscribe to receive update notifications for this item
Subscribe

Description

**The latest version 1.3 is now updated to use campaign information from STIX/TAXII server.**

**This package is now updated to use an open-source STIX/TAXII server as a source to collect and normalize threat data.**

This package populates, displays, and monitors the Threat Model, which is used to detect and contextualize potential malicious activity based on intelligence derived from a site-specific mix of threat intelligence sources. This package uses the open-source Collective Intelligence Framework (CIF) to collect and normalize threat data from open source, proprietary, and internal sources.

User cases supported by this package include:

Populate Threat Model from a variety of heterogeneous intelligence feeds
Enrich events with Threat Model data
Display and report upon Threat Model activity

**NEW** Please note, this update does not require a new download of the L1 Threat Intelligence package. Please follow the instructions to update the solution for STIX/TAXII here: https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/L1ThreatIntelligence#a_41_STIX_47TAXII

This version is able to collect:

HIDDEN COBRA data feeds - https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/HiddenCobraThreat
Ransomware data feeds - https://ransomwaretracker.abuse.ch/feeds/csv

For more detail, please visit https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/L1ThreatIntelligence

Minimum Requirements

• Active Base - Version 2.4.0.0 and later.

Suggested apps

Micro Focus COMMUNITY

ESM Default Content

Micro Focus

ESM Default Content includes Security Threat Monitoring package and Threat Intelligence Platform package, It also includes resources for tracking Techniques from the MITRE ATT& CK framework.

Micro Focus COMMUNITY

L1-WannaCry Malware Detection - Indicators and Warnings

Micro Focus

L1-WannaCry Malware Detection - Indicators and Warnings package is intended to support L2-APT10 WannaCry Malware Detection - Situational Awareness to detect WannaCry Malware IOCs incidents.

Micro Focus COMMUNITY

L1-Network Monitoring - Indicators and Warnings

Micro Focus

The L1-Network Monitoring - Indicators and Warnings content is focused on network events regarding the traffic and information in transit through the network.

Micro Focus COMMUNITY

Antivirus Monitoring

Micro Focus

The Antivirus Monitoring Security Use Case monitors virus activities in your enterprise and displays them on a dashboard.

Micro Focus COMMUNITY

L1-Entity Monitoring

Micro Focus

The L1-Entity Monitoring - Indicators and Warnings package is designed to identify anomalies dealing with account authentication and management.

Micro Focus COMMUNITY

L1-Malware Monitoring

Micro Focus

L1 Malware Monitoring - Indicators and Warnings package is intended to provide both simple indicators of potential malware incidents as well as a framework to support L2 Malware Monitoring - Situational Awareness content.

Micro Focus COMMUNITY

L1-Perimeter Monitoring - Indicators and Warnings

Micro Focus

The L1 Perimeter Monitoring - Indicators and Warnings content is focused on events regarding boundary transitions and connections between entities.

Micro Focus COMMUNITY

Collective Intel Framework FlexConnector

Micro Focus

CIF FlexConnector for Threat Intelligence feeds.

Micro Focus COMMUNITY

L2-APT10 Cloud Hopper Monitoring

Micro Focus

This package is intended to provide ArcSight context to L1-APT10 Cloud Hopper Monitoring - Indicators and Warnings events, using both the ArcSight Network and Asset Model to alert the SOC Analyst and Operator of potential APT10 IOCs in critical hosts.

Releases

Release

Size

Date

L1-Threat Intelligence 1.4.0.0

76.2 KB

|

Nov 18, 2019

More info Less info

Product compatibility

ESM

Version 7.6 · 7.5 · 7.4 · 7.3 · 7.2 · 7.0

Version 6.8 · 6.9.1 · 6.11.0

Release notes

Fix bugs related to suspicious file hash use case.

Languages

English

Files

(76.2 KB)

L1-Threat Intelligence 1.3.0.0

62.0 KB

|

May 23, 2018

More info Less info

Product compatibility

ESM

Version 7.6 · 7.5 · 7.4 · 7.3 · 7.2 · 7.0

Version 6.8 · 6.9.1 · 6.11.0

Release notes

Ability to collect campaign information from STIX/TAXII and use it in content.

Languages

English

Files

(62.0 KB)

L1-Threat Intelligence 1.2.0.0

66.4 KB

|

Sep 1, 2017

More info Less info

Product compatibility

ESM

Version 7.6 · 7.5 · 7.4 · 7.3 · 7.2 · 7.0

Version 6.8 · 6.9.1 · 6.11.0

Release notes

Added file hash use case to this package.

Languages

English

Files

(66.4 KB)

L1-Threat Intelligence 1.1.0.0

61.9 KB

|

Nov 16, 2016

More info Less info

Product compatibility

ESM

Version 7.6 · 7.5 · 7.4 · 7.3 · 7.2 · 7.0

Version 6.8 · 6.11.0

Release notes

Ability to collect Ransomware data feeds (https://ransomwaretracker.abuse.ch/feeds/csv)

Languages

English

Files

(61.9 KB)

L1-Threat Intelligence 1.0.0.0

56.7 KB

|

Sep 8, 2016

More info Less info

Product compatibility

ESM

Version 7.6 · 7.5 · 7.4 · 7.3 · 7.2 · 7.0

Version 6.8 · 6.11.0

Release notes

Beta version of L1 Activate Threat Intel package

Languages

English

Files

(56.7 KB)

Resources

Documentation

Activate License

Activate Framework

Discussion Forum

Activate Framework Installation and Configuration

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2022-1-1-4548 | Wed Jan 19 06:11:08 PST 2022