SOC Prime Community
Support via Micro Focus Software Support, with a ticket filed against the associated product.
Micro Focus offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by Micro Focus or the Micro Focus community.
Micro Focus Community Content is provided by Micro Focus for the benefit of customers; support for it is not available via Micro Focus Software Support but through specific community content forums.
Community Contributed Content is provided by Micro Focus customers and supported by them.
Ransomware Hunter natively integrates with ArcSight and leverages statistical profiling and behavioral analysis methods, OSINT feeds including Ransomware Tracker by Abuse.ch and Detect Tor feed, as well as strictly defined correlation rules. This enables organizations to spot and stop any Ransomware as early as possible. Because adversaries continuously bypass traditional defense systems in both wide-spectrum and targeted attacks (APT), accurate and timely detection followed by Incident Response can completely prevent any threat and damage posed by Ransomware. Ransomware Hunter provides detection and automatic alerting capabilities at the Reconnaissance, Delivery, Exploitation, Installation, Command and Control (C2) and Action on Objectives phases, thus covering the full threat lifecycle according to the Cyber Kill Chain methodology.
- HPE ArcSight ESM 6.9 or higher;
It also requires properly configured categorization for Log Sources.
We recommend installing the Data Quality Framework package to control categorization. Additionally: any Linux server or workstation with access to the SIEM and web sites (HTTPS, port 443) for the script: