This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

L2-Perimeter Monitoring - Situational Awareness

This is the official forum for the discussion of the L2-Perimeter Monitoring - Situational Awareness package.

 

This content is coming soon!

 

The installation/update package will be available from the ArcSight Marketplace. All new and updated Activate Framework packages will be made available on the ArcSight Marketplace (https://marketplace.microfocus.com/arcsight).

 

The documentation is available at https://hpe-sec.com/foswiki/bin/view/ArcSightActivate/L2PerimeterMonitoring .

--
Prentice S. Hayes
Principal Product Manager | Cybersecurity Enterprise, Security Analytics
OpenText Cybersecurity

LinkedIn: https://www.linkedin.com/in/prenticeshayes/ 

Website: https://www.opentext.com/

Parents
  • 0

    ​​

    Hi ,

    Fresh installed ESM 6.11 with latest Activate base package 2.5.1.0 but faced the same issue.

    After installing the L2-Perimeter Monitoring - Situational Awareness package I noticed 2 broken resources.  The rule "Egress Communications to Suspicious Region" and "Ingress Communications from Suspicious Region". but I found and used the respective active list from the Activate Base package, so both rules were fixed.

    However, I am not able to fix this rule as there is no such active list available. So my question is that from where should I get this active list & why it's not part of this package or base package ?

    Rule /All Rules/Real-time Rules/ArcSight Activate/Solutions/Network Monitoring/Situational Awareness/Web Proxy Identified Exploit Traffic depends on resource /All Active Lists/ArcSight Activate/Solutions/Perimeter and Network Monitoring/Situational Awareness/Proxy Identified Exploit Kit Queries that cannot be found

Reply
  • 0

    ​​

    Hi ,

    Fresh installed ESM 6.11 with latest Activate base package 2.5.1.0 but faced the same issue.

    After installing the L2-Perimeter Monitoring - Situational Awareness package I noticed 2 broken resources.  The rule "Egress Communications to Suspicious Region" and "Ingress Communications from Suspicious Region". but I found and used the respective active list from the Activate Base package, so both rules were fixed.

    However, I am not able to fix this rule as there is no such active list available. So my question is that from where should I get this active list & why it's not part of this package or base package ?

    Rule /All Rules/Real-time Rules/ArcSight Activate/Solutions/Network Monitoring/Situational Awareness/Web Proxy Identified Exploit Traffic depends on resource /All Active Lists/ArcSight Activate/Solutions/Perimeter and Network Monitoring/Situational Awareness/Proxy Identified Exploit Kit Queries that cannot be found

Children