Description

The release 3.7 contains 9 new rules in the Security Threat Monitoring package to help protect Windows, AWS Security Hub, and Microsoft Office 365 environments [or] applications. It also contains 3 new rules and a new dashboard to help you monitor the health of the CyberRes Galaxy Threat Acceleration Program (GTAP)1.0 Basic and Plus Model Import Connector. This release also contains 14 updated rules with more fields in the aggregation tab.

In the release 3.6 22 new rules were added and 2 rules were updated to support MITRE ATT&CK Cloud Techniques for AWS Security Hub log source and Microsoft Office/Defender 365

In the release version 3.5, 15 new rules were added to support MITRE ATT&CK Cloud Techniques for Microsoft Azure Services

In the release version 3.4, 11 new rules were added to detect possible APT Malware and 0-day attacks, which will be triggered when the base event matches an entry in the Threat Intelligence active lists and where the threat level is Medium or High. A new active channel has been added for monitoring those rules.

In the release version 3.3, we added 7 rules to cover MITRE Techniques under two new MITRE Tactics - TA0042 Resource Development and TA0043 Reconnaissance.

In the release version 3.2, we added 3 rules to cover more MITRE ATT&CK Techniques/sub-Techniques.

In the release version 3.1, we added 77 rules to cover more MITRE ATT&CK Techniques/sub-Techniques.

In the release version 3.0, we have re-mapped the existing Default Content to support the new MITRE ATT&CK sub-techniques.

As a result of this re-mapping exercise, the Default Content now supports the techniques and sub-techniques listed below.

For a more user-friendly way of browsing this list, we recommend you to visit https://mitre.microfocus.com/.

We also provide a downloadable JSON formatted file of all Default and Non-Default Content on the above-mentioned webpage.


Threat Intelligence Platform

This package is designed to detect security threats based on intelligence data feed on open source Malware Information Sharing Platform (MISP). It also follows the MITRE ATT&CK framework.

This package requires the installation of MIC for GTAP. For more information on MIC, please refer to the documentation at https://www.microfocus.com/documentation/arcsight/galaxy-gtap-1.0/

Following use cases are covered in this package: 

  • An Alert triggers if data feeds from the GTAP Connector do not update from a specified time frame. The default time frame is two hours.
  • The new dashboard shows the health status of the GTAP Connector
  • Error messages from the GTAP Connector trigger alerts.
  • APT and 0-day Activity
  • Botnet Activity 
  • Dangerous Browsing 
  • Internal Asset Found in Reputation List 
  • Phishing 
  • Ransomware 
  • Suspicious Activity 
  • Suspicious DNS Query 
  • Suspicious Email 
  • Suspicious File Hash

Following MITRE ATT&CK Techniques/sub-techniques are covered:

TA0001 Initial Access

-T1078-Valid Accounts

--T1078.001-Default Accounts

--T1078.004-Cloud Accounts

-T1091-Replication Through Removable Media

-T1133-External Remote Services

-T1189-Drive-by Compromise

-T1190-Exploit Public-Facing Application

-T1200-Hardware Additions

-T1566-Phishing

--T1566.001-Spearphishing Attachment

--T1566.002-Spearphishing Link


TA0002 Execution

-T1047-Windows Management Instrumentation

-T1053-Scheduled Task-Job

--T1053.005-Scheduled Task

-T1059-Command and Scripting Interpreter

--T1059.001-PowerShell

--T1059.003-Windows Command Shell

-T1072-Software Deployment Tools

-T1129-Shared Modules

-T1203-Exploitation for Client Execution

-T1204-User Execution

--T1204.001-Malicious Link

--T1204.002-Malicious File

-T1559-Inter-Process Communication

--T1559.001-Component Object Model

--T1559.002-Dynamic Data Exchange

-T1569-System Services

--T1569.002-Service Execution


TA0003 Persistence

-T1053-Scheduled Task-Job

--T1053.005-Scheduled Task

-T1078-Valid Accounts

--T1078.001-Default Accounts

--T1078.004-Cloud Accounts

-T1098-Account Manipulation

-T1133-External Remote Services

-T1136-Create Account

--T1136.002-Domain Account

-T1543-Create or Modify System Process

--T1543.003-Windows Service

-T1546-Event-Triggered Execution

--T1546.011-Application Shimming

--T1546.003-Windows Management Instrumentation Event Subscription

--T1546.012-Image File Execution Options Injection

-T1547-Boot or Logon Autostart Execution

--T1547.001-Registry Run Keys and Startup Folder

--T1547.006-Kernel Modules and Extensions

-T1574-Hijack Execution Flow

--T1574.001-DLL Search Order Hijacking

--T1574.009-Path Interception by Unquoted Path


TA0004 Privilege Escalation

-T1053-Scheduled Task-Job

--T1053.005-Scheduled Task

-T1055-Process Injection

--T1055.012-Process Hollowing

-T1068-Exploitation for Privilege Escalation

-T1078-Valid Accounts

--T1078.001-Default Accounts

--T1078.004-Cloud Accounts

-T1134-Access Token Manipulation

--T1134.002-Create Process with Token

-T1543-Create or Modify System Process

--T1543.003-Windows Service

-T1546-Event-Triggered Execution

--T1546.011-Application Shimming

--T1546.003-Windows Management Instrumentation Event Subscription

--T1546.012-Image File Execution Options Injection

-T1547-Boot or Logon Autostart Execution

--T1547.001-Registry Run Keys and Startup Folder

--T1547.006-Kernel Modules and Extensions

-T1548-Abuse Elevation Control Mechanism

--T1548.002-Bypass User Access Control

--T1548.003-Sudo and Sudo Caching

-T1574-Hijack Execution Flow

--T1574.001-DLL Search Order Hijacking

--T1574.009-Path Interception by Unquoted Path


TA0005 Defense Evasion

-T1027-Obfuscated Files or Information

--T1027.002-Software Packing

-T1036-Masquerading

--T1036.002-Right-to-Left Override

--T1036.003-Rename System Utilities

--T1036.005-Match Legitimate Name or Location

--T1036.006-Space after Filename

-T1055-Process Injection

--T1055.012-Process Hollowing

-T1070-Indicator Removal on Host

--T1070.004-File Deletion

-T1078-Valid Accounts

--T1078.001-Default Accounts

--T1078.004-Cloud Accounts

-T1090-Proxy

--T1090.001-Internal Proxy

--T1090.003-Multi-hop Proxy

-T1112-Modify Registry

-T1127-Trusted Developer Utilities Proxy Execution

--T1127.001-MSBuild

-T1134-Access Token Manipulation

--T1134.002-Create Process with Token

-T1140-Deobfuscate-Decode Files or Information

-T1202-Indirect Command Execution

-T1216-Signed Script Proxy Execution

--T1216.001-PubPrn

-T1218-Signed Binary Proxy Execution

--T1218.001-Compiled HTML File

--T1218.002-Control Panel

--T1218.003-CMSTP

--T1218.004-InstallUtil

--T1218.005-Mshta

--T1218.007-Msiexec

--T1218.009-RegsvcsRegasm

--T1218.010-Regsvr32

--T1218.011-Rundll32

-T1220-XSL Script Processing

--T1221-Template Injection

-T1497-Virtualization-Sandbox Evasion

--T1497.002-User Activity-Based Checks

-T1548-Abuse Elevation Control Mechanism

--T1548.002-Bypass User Access Control

--T1548.003-Sudo and Sudo Caching

-T1550-Use Alternate Authentication Material

--T1550.002-Pass the Hash

-T1562-Impair Defenses

--T1562.001-Disable or Modify Tools

--T1562.002-Disable Windows Event Logging

--T1562.004-Disable or Modify System Firewall

--T1562.008-Possible AWS CloudTrail Logging Disabled

-T1574-Hijack Execution Flow

--T1574.001-DLL Search Order Hijacking

--T1574.009-Path Interception by Unquoted Path


TA0006 Credential Access

-T1003-OS Credential Dumping

--T1003.001-LSASS Memory

--T1003.002-Security Account Manager

--T1003.003-NTDS

-T1040-Network Sniffing

-T1056-Input Capture

--T1056.001-Keylogging

--T1056.004-Credential API Hooking

-T1110-Brute Force

--T1110.001-Password Guessing

--T1110.003-Password Spraying

-T1552-Unsecured Credentials

--T1552.002-Domain Trust Discovery

-T1555-Credentials from Password Stores

--T1555.003-Credentials from Web Browsers


TA0007 Discovery

-T1010-Application Window Discovery

-T1012-Query Registry

-T1016-System Network Configuration Discovery

-T1018-Remote System Discovery

-T1033-System Owner-User Discovery

-T1040-Network Sniffing

-T1046-Network Service Scanning

-T1049-System Network Connections Discovery

-T1057-Process Discovery

-T1069-Permission Groups Discovery

-T1082-System Information Discovery

-T1083-File and Directory Discovery

-T1087-Account Discovery

--T1087.001-Local Account

--T1087.002-Domain Account

-T1135-Network Share Discovery

-T1201-Password Policy Discovery

-T1217-Browser Bookmark Discovery

-T1482-Domain Trust Discovery

-T1497-Virtualization-Sandbox Evasion

--T1497.002-User Activity-Based Checks

-T1518-Software Discovery

--T1518.001-Security Software Discovery


TA0008 Lateral Movement

-T1021-Remote Services

--T1021.001-Remote Desktop Protocol

--T1021.002-SMB-Windows Admin Shares

--T1021.003-Distributed Component Object Model

--T1021.006-Windows Remote Management

-T1072-Software Deployment Tools

-T1091-Replication Through Removable Media

-T1210-Exploitation of Remote Services

-T1550-Use Alternate Authentication Material

--T1550.002-Pass the Hash


TA0009 Collection

-T1005-Data from Local System

-T1039-Data from Network Shared Drive

-T1056-Input Capture

--T1056.001-Keylogging

--T1056.004-Credential API Hooking

-T1074-Data Staged

-T1113-Screen Capture

-T1114-Email Collection

-T1115-Clipboard Data

-T1213-Data from Information Repositories

--1213.002-Sharepoint

-T1560-Archive Collected Data

--T1560.001-Archive via Utility

TA0010 Exfiltration

-T1041-Exfiltration Over Command and Control Channel

-T1048-Exfiltration Over Alternative Protocol

--T1048.003-Exfiltration Over Unencrypted or Obfuscated Non-C2

-T1052-Exfiltration Over Physical Medium

--T1052.001-Exfiltration over USB


TA0011 Command and Control

-T1071-Application Layer Protocol

--T1071.004-DNS

-T1090-Proxy

--T1090.001-Internal Proxy

--T1090.003-Multi-hop Proxy

-T1105-Ingress Tool Transfer

-T1132-Data Encoding

--T1132.001-Standard Encoding

-T1219-Remote Access Software

-T1568-Dynamic Resolution

--T1568.002-Domain Generation Algorithms

-T1571-Non-Standard Port

-T1573-Encrypted Channel

--T1573.002-Asymmetric Cryptography


TA0040 Impact

-T1486-Data Encrypted for Impact

-T1489-Service Stop

-T1490-Inhibit System Recovery

-T1496-Resource Hijacking

-T1498-Network Denial of Service

--T1498.001-Direct Network Flood

-T1537-Transfer Data to Cloud Account


TA0042 Resource Development (New)

-T1587-Develop Capabilities

--T1587.003-Digital Certificates


TA0043 Reconnaissance (New)

-T1595-Active Scanning

--T1595.001-Scanning IP Blocks

--T1595.002-Vulnerability Scanning

In the release version 3.7, following MITRE IDs were added or rules were added to existing MITRE IDs:

T1003.006 T1213.002 T1218 T1218.008 T1530 T1546.001 T1560 T1574.012

Following new rules were added:

  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/AWS S3 Policy Misconfiguration
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/AWS S3 Unauthorized Access
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/SharePoint Activity by Privileged User
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Host Monitoring/COR_PROFILER to Hijack Program Execution Flow
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Host Monitoring/Odbcconf to Proxy Execution of Malicious Payloads
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Host Monitoring/Possible Archive of Collected Data Using PowerShell
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Host Monitoring/Possible Change of Default File Association
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Host Monitoring/Possible DCSync OS Credential Dumping
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Host Monitoring/Signed Binary Proxy Execution
  • /All Rules/ArcSight Foundation/Threat Intelligence Platform/GTAP SmartConnector Health/No Update from GTAP SmartConnector
  • /All Rules/ArcSight Foundation/Threat Intelligence Platform/GTAP SmartConnector Health/Error in GTAP SmartConnector Service Message
  • /All Rules/ArcSight Foundation/Threat Intelligence Platform/GTAP SmartConnector Health/Track GTAP SmartConnector Service Message

Following rules are updated:

  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Application Monitoring/Malicious PowerShell Commandlets
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Host Monitoring/MetaSploit Detected
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Host Monitoring/Script Executed On Critical Host
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Application Monitoring/Suspicious Powershell Command Line Argument Detected
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Application Monitoring/Shell Command Execution
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Application Monitoring/API Hooking Detected
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Network Monitoring/System Network Configuration Discovery
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Network Monitoring/Remote System Discovery
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Network Monitoring/Suspicious Network Sniffing
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Application Monitoring/Remote PowerShell Session Activity On Host
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Host Monitoring/Windows Hooking API Used by PowerShell
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Host Monitoring/Suspicious Remote System Discovery Commands Entered On Linux
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Host Monitoring/Suspicious Remote System Discovery Commands Entered On Windows
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Suspicious SharePoint Activity

In the release version 3.6, following MITRE IDs were added or rules were added to existing MITRE IDs:

T1046 T1078.001 T1078.004 T1087.002 T1110.001 T1136.002 T1204.002 T1213.002 T1221 T1496 T1498.001 T1537 T1546.003 T1562.001 T1566 T1566.002 T1568.002 T1571

Following new rules were added

  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Email with Malicious Url
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/AWS Unusual Policy Changes on S3 buckets
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/AWS Instance Querying DGA Domains
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/AWS EC2 Unusual Port Traffic
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/AWS Phishing Activity from EC2 Instance
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Host Monitoring/Files Created
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/AWS Pentest Activity
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/AWS Root Account Usage
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Possible Domain Account Created
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/AWS Account Privilege Escalation Activity
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/AWS Brute Force Activity from EC2 Instance
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Host Monitoring/Unusual Microsoft Office Network Connections
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Host Monitoring/Possible WMI Persistence
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/AWS Exfiltration Activity
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/AWS Port Scan
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/AWS Impossible Travel
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/AWS DoS Activity from EC2 Instance
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/AWS Password Policy Changed
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Host Monitoring/Possible Domain Account Discovery
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Suspicious SharePoint Activity
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/AWS EC2 Bitcoin Activity
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Malware Monitoring//Malware Detected On File Downloaded on Machine

Following rules were updated:

  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Application Monitoring/Sudo Command Execution Detected
  • /All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Cloud Monitoring Disabled

-------------------------------------------------------------------------------

System Requirements

========================

Micro Focus ArcSight ESM 7.2 or above.

-------------------------------------------------------------------------------


To install this package:

===========================

The zip file contains three files: package arb file, a signature of arb file, and release note.

Micro Focus provides a digital public key to enable you to verify that the signed software you received is indeed from Micro Focus and has not been manipulated in any way by a third party. Visit the following site for information and instructions:

https://entitlement.mfgs.microfocus.com/ecommerce/efulfillment/digitalSignIn.do

It is required to log in using a Microfocus/Software passport (It gives the option to create an account)


Perform the following steps in the ArcSight Console.

1. Go to the ArcSight Console.

2. Click on Packages

3. Click Import

4. Select package arb file from the zip file

5. Follow the prompts to import and install this package


To upgrade this package from version 1.x or 2.x

============================

Uninstall the following old version packages:

Security Monitoring - Base - Active Lists

Note: following 3 packages will be uninstalled automatically as well:

Security Monitoring - Base

Security Threat Monitoring

Threat Intelligence Platform

Then install the latest version package through the console

To upgrade this package from version 3.x

You can install new version packages through the console directly without uninstalling the old version package


To uninstall:

=============================

Right-click package from ArcSight Console, then selects "Uninstall Package".


Sample replay events

This zip file contains four files: two replay events, one arb package, and readme.

In order to trigger/test rules in the default content, you need to:

1) Enable rules which you want to test

2) Install the package in this zip file for testing rules in the Threat Intelligence Platform package


Minimum Requirements

ESM 7.2 and above

Threat Intelligence Platform package requires MIC for GTAP

Suggested apps

Suggested for you are based on app category, product compatibility, popularity, rating and newness. Some apps may not show based on entitlements. Learn more about entitlements.

Releases

Release
Size
Date
Sample Replay Events 3.7.0.0
151.6 KB
  |  
May 16, 2022
More info Less info
Product compatibility
ESM
Version 6.8 · 6.11.0 · 6.9.1
Version 7.0 · 7.2 · 7.3 · 7.1 · 7.4 · 7.5 · 7.6
Release notes

Add more replay events to support new added rules in release 3.7.

Languages
English
Files
Threat Intelligence Platform 3.7.0.0
404.8 KB
  |  
May 16, 2022
More info Less info
Product compatibility
ESM
Version 7.2 · 7.3 · 7.4 · 7.5 · 7.6
Release notes

This release contains new rules and a new dashboard to help you monitor the health of the CyberRes Galaxy Threat Acceleration Program (GTAP)1.0 Basic and Plus Model Import Connector

Languages
English
Security Threat Monitoring 3.7.0.0
569.5 KB
  |  
May 16, 2022
More info Less info
Product compatibility
ESM
Version 7.2 · 7.3 · 7.4 · 7.5 · 7.6
Release notes

This release contains new resources in the Security Threat Monitoring package to help protect Windows, AWS Security Hub, and Microsoft Office 365 environments [or] applications.

Languages
English
Threat Intelligence Platform 3.6.0.0
483.5 KB
  |  
Mar 21, 2022
More info Less info
Product compatibility
ESM
Version 7.2 · 7.3 · 7.4 · 7.5 · 7.6
Release notes

New content for GTAP.

Languages
English
Security Threat Monitoring 3.6.0.0
655.3 KB
  |  
Dec 2, 2021
More info Less info
Product compatibility
ESM
Version 7.2 · 7.3 · 7.4 · 7.5 · 7.6
Release notes

In the release 3.6 22 new rules were added and 2 rules were updated to support MITRE ATT&CK Cloud Techniques for AWS Security Hub log source and Microsoft Office/Defender 365

Languages
English
Security Threat Monitoring 3.5.0.0
609.4 KB
  |  
Sep 1, 2021
More info Less info
Product compatibility
ESM
Version 7.2 · 7.3 · 7.4 · 7.5 · 7.6
Release notes

In the release version 3.5, We added new rules that support MITRE ATT&CK Cloud Techniques for Microsoft Azure Services.

/All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Azure Resource Group Deleted

/All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Azure Runbook Created

/All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Azure Runbook Deleted

/All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Azure Service Principal Created

/All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Cloud Account Created

/All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Cloud Firewall Deleted

/All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Cloud Instance Created By Recent User Created

/All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Cloud Instance Deleted By Recent User Created

/All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Cloud Instance Snapshot By Recent User Created

/All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Cloud Key Vault Deleted

/All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Cloud Key Vault Updated

/All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Cloud Monitoring Disabled

/All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Cloud Network Monitoring Disabled

/All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Cloud Storage Deleted

/All Rules/ArcSight Foundation/Security Threat Monitoring/Cloud Monitoring/Multiple Cloud Firewall Updates

Languages
English
Threat Intelligence Platform 3.5.0.0
254.3 KB
  |  
Sep 1, 2021
More info Less info
Product compatibility
ESM
Version 7.2 · 7.3 · 7.4 · 7.5 · 7.6
Release notes

Bug fixing.

Languages
English

Resources

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.

Marketplace Terms of Service

In order to continue, you must accept the updated Marketplace Terms of Service
Since you are downloading an app from the Micro Focus Marketplace, you need to accept the updated Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service" box below and click accept to continue your download.


Your download has begun...

Your download has begun

Related content and resources

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2022-6-2-4916 | Thu Jun 23 00:32:11 PDT 2022