Description

**The latest version 1.3 is now updated to use campaign information from STIX/TAXII server.**

**This package is now updated to use an open-source STIX/TAXII server as a source to collect and normalize threat data.**

This package populates, displays, and monitors the Threat Model, which is used to detect and contextualize potential malicious activity based on intelligence derived from a site-specific mix of threat intelligence sources. This package uses the open-source Collective Intelligence Framework (CIF) to collect and normalize threat data from open source, proprietary, and internal sources.

User cases supported by this package include:

  • Populate Threat Model from a variety of heterogeneous intelligence feeds
  • Enrich events with Threat Model data
  • Display and report upon Threat Model activity

**NEW** Please note, this update does not require a new download of the L1 Threat Intelligence package. Please follow the instructions to update the solution for STIX/TAXII here: https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/L1ThreatIntelligence#a_41_STIX_47TAXII

This version is able to collect:

For more detail, please visit https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/L1ThreatIntelligence

Minimum Requirements

• Active Base - Version 2.4.0.0 and later.

Suggested apps

Suggested for you are based on app category, product compatibility, popularity, rating and newness. Some apps may not show based on entitlements. Learn more about entitlements.

Releases

Release
Size
Date
L1-Threat Intelligence 1.4.0.0
76.2 KB
  |  
Nov 18, 2019
More info Less info
Product compatibility
ESM
Version 6.8 · 6.11.0 · 6.9.1
Version 7.0 · 7.2 · 7.3 · 7.4 · 7.5 · 7.6
Release notes

Fix bugs related to suspicious file hash use case.

Languages
English
L1-Threat Intelligence 1.3.0.0
62.0 KB
  |  
May 23, 2018
More info Less info
Product compatibility
ESM
Version 6.8 · 6.11.0 · 6.9.1
Version 7.0 · 7.2 · 7.3 · 7.4 · 7.5 · 7.6
Release notes

Ability to collect campaign information from STIX/TAXII and use it in content.

Languages
English
Files
L1-Threat Intelligence 1.2.0.0
66.4 KB
  |  
Sep 1, 2017
More info Less info
Product compatibility
ESM
Version 6.8 · 6.11.0 · 6.9.1
Version 7.0 · 7.2 · 7.3 · 7.4 · 7.5 · 7.6
Release notes

Added file hash use case to this package.

Languages
English
Files
L1-Threat Intelligence 1.1.0.0
61.9 KB
  |  
Nov 16, 2016
More info Less info
Product compatibility
ESM
Version 6.8 · 6.11.0
Version 7.0 · 7.2 · 7.3 · 7.4 · 7.5 · 7.6
Release notes
  • Ability to collect Ransomware data feeds (https://ransomwaretracker.abuse.ch/feeds/csv) 
Languages
English
L1-Threat Intelligence 1.0.0.0
56.7 KB
  |  
Sep 8, 2016
More info Less info
Product compatibility
ESM
Version 6.8 · 6.11.0
Version 7.0 · 7.2 · 7.3 · 7.4 · 7.5 · 7.6
Release notes
Beta version of L1 Activate Threat Intel package
Languages
English

Resources

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.

Marketplace Terms of Service

In order to continue, you must accept the updated Marketplace Terms of Service
Since you are downloading an app from the OpenText Marketplace, you need to accept the updated Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service" box below and click accept to continue your download.


Your download has begun...

Your download has begun

Related content and resources

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2024-3-2-6097 | Wed Mar 27 04:29:56 PDT 2024