
L2-Perimeter Monitoring - Situational Awareness

This is the official forum for the discussion of the L2-Perimeter Monitoring - Situational Awareness package.

 

This content is coming soon!

 

The installation/update package will be available from the ArcSight Marketplace. All new and updated Activate Framework packages will be made available on the ArcSight Marketplace (https://marketplace.microfocus.com/arcsight).

 

The documentation is available at https://hpe-sec.com/foswiki/bin/view/ArcSightActivate/L2PerimeterMonitoring .

--
Prentice S. Hayes
Principal Product Manager | Cybersecurity Enterprise, Security Analytics
OpenText Cybersecurity

LinkedIn: https://www.linkedin.com/in/prenticeshayes/ 

Website: https://www.opentext.com/


    Hi,

    I installed the L2-Perimeter Monitoring - Situational Awareness package and noticed 2 broken resources: the rules "Egress Communications to Suspicious Region" and "Ingress Communications from Suspicious Region".

    Rule /All Rules/Real-time Rules/ArcSight Activate/Solutions/Perimeter Monitoring/Situational Awareness/Egress Communications to Suspicious Region depends on resource /All Active Lists/ArcSight Activate/Solutions/Perimeter and Network Monitoring/Situational Awareness/Suspicious Region - ITAR_OFAC Countries that cannot be found

    and

    Rule /All Rules/Real-time Rules/ArcSight Activate/Solutions/Perimeter Monitoring/Situational Awareness/Ingress Communications from Suspicious Region depends on resource /All Active Lists/ArcSight Activate/Solutions/Perimeter and Network Monitoring/Situational Awareness/Suspicious Region - ITAR_OFAC Countries that cannot be found


    On a side note, I also installed the L2-Network Monitoring - Situational Awareness package and noticed a broken resource.  The rule "Web Proxy Identified Exploit Traffic" is dependent on an Active List that does not exist.

    Rule /All Rules/Real-time Rules/ArcSight Activate/Solutions/Network Monitoring/Situational Awareness/Web Proxy Identified Exploit Traffic depends on resource /All Active Lists/ArcSight Activate/Solutions/Perimeter and Network Monitoring/Situational Awareness/Proxy Identified Exploit Kit Queries that cannot be found.

     

    I used the latest packages available from the HP Marketplace and installed them in the order below.  Older versions of the packages which require migration were never installed.

    ArcSight Activate Base 2.4.0.0

    L1-Perimeter Monitoring - Indicators and Warnings

    L2-Perimeter Monitoring - Situational Awareness

    L1-Network Monitoring - Indicators and Warnings

    L2-Network Monitoring - Situational Awareness

    Has anyone else experienced this?  What's the best way to resolve this issue with the broken resources?  From the post above, I can confirm the list is available at the location /All Active Lists/ArcSight Activate/Core/Common.  Is it advisable to update the rule and keep it in the current location?  Or update the rule and move the list to the proper location?

    ​
