Activate Packages NEW

L1-Threat Intelligence – Indicators and Warnings

181214

Micro Focus Micro Focus Community

App Support Tiers

MICRO FOCUS SUPPORTED

Support via Micro Focus Software Support, with a ticket filed against the associated product.

PARTNER

Micro Focus offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by Micro Focus of the Micro Focus community.

MICRO FOCUS COMMUNITY

Micro Focus Community Content is provided by Micro Focus for the benefit of customers, support for it is not available via Micro Focus Software Support but through specific community content forums.

COMMUNITY

Community Contributed Content is provided by Micro Focus customers and supported by them.

Micro Focus | Micro Focus Community

This package populates, displays and monitors the Threat Model , which is used to detect and contextualize potential malicious activity based on intelligence derived from a site-specific mix of threat intelligence sources.
0 reviews
1,886 downloads
Download
  • Have questions about this item?

  • Contact us

Description

**The latest version 1.3 is now updated to use campaign information from STIX/TAXII server.**

**This package is now updated to use open source STIX/TAXII server as a source to collect and normalize threat data.**

This package populates, displays and monitors the Threat Model , which is used to detect and contextualize potential malicious activity based on intelligence derived from a site-specific mix of threat intelligence sources. This package uses the open source Collective Intelligence Framework (CIF) to collect and normalize threat data from open source, proprietary and internal sources.

User cases supported by this package include:

  • Populate Threat Model from a variety of heterogeneous intelligence feeds
  • Enrich events with Threat Model data
  • Display and report upon Threat Model activity

**NEW** Please note, this update does not require a new download of the L1 Threat Intelligence package.Please follow the instructions to update the solution for STIX/TAXII here: https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/L1ThreatIntelligence#a_41_STIX_47TAXII

This version is able to collect:

For more detail, please visit https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/L1ThreatIntelligence

Minimum Requirements

Active Base - Version 2.4.0.0 and later.

Releases

Release
Size
Date
L1-Threat Intelligence 1.4.0.0
76.2 KB
  |  
Nov 18, 2019
More info Less info
Product compatibility
ESM
Version 6.8 · 6.9.1 · 6.11.0
Version 7.0
Release notes

Fix bugs related to suspicious file hash use case.

Languages
English
Files
L1-Threat Intelligence 1.3.0.0
62.0 KB
  |  
May 23, 2018
More info Less info
Product compatibility
ESM
Version 6.8 · 6.9.1 · 6.11.0
Version 7.0
Release notes

Ability to collect campaign information from STIX/TAXII and use it in content.

Languages
English
Files
L1-Threat Intelligence 1.2.0.0
66.4 KB
  |  
Sep 1, 2017
More info Less info
Product compatibility
ESM
Version 7.0
Version 6.8 · 6.9.1 · 6.11.0
Release notes

Added file hash use case to this package.

Languages
English
Files
L1-Threat Intelligence 1.1.0.0
61.9 KB
  |  
Nov 16, 2016
More info Less info
Product compatibility
ESM
Version 7.0
Version 6.8 · 6.11.0
Release notes
  • Ability to collect Ransomware data feeds (https://ransomwaretracker.abuse.ch/feeds/csv) 
Languages
English
Files
L1-Threat Intelligence 1.0.0.0
56.7 KB
  |  
Sep 8, 2016
More info Less info
Product compatibility
ESM
Version 7.0
Version 6.8 · 6.11.0
Release notes
Beta version of L1 Activate Threat Intel package
Languages
English
Files

Resources

Documentation
Activate License
Activate Framework
Discussion Forum
Activate Framework Installation and Configuration

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.
Unsubscribe Cancel

Marketplace Terms of Service

In order to continue, you must accept the Marketplace Terms of Service
Since you are downloading an app from the Micro Focus unified Marketplace using an Access Manager account, you need to also accept the Micro Focus Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service" box below and click accept to continue your download.


Accept Cancel
Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2020-2-2-pardot-2160 | Sun Feb 23 08:42:23 PST 2020