Dear community member,
Our threat intelligence solutions are integrated with VirusTotal's portal. When an asset you are responsible for is reported for malware or malicious activity, you can trigger the false positive reporting process implemented…
Situation
The user would like to know how to fully uninstall the ArcMC agent from the CLI of Software Logger.
Solution:
This video shows how to fully uninstall the ArcMC agent on Software Logger.
Happy New Year to our ArcSight community! As many of you may know already, there have been several ArcSight Nation activities since its launch. There will be more. Our new hub is where you have on-demand access to information regarding past and future…
During your POC, your Security Engineer will walk you through many of the features and functions of the ArcSight SIEM. Many times, distractions occur or we just need a quick reminder.
I have created this mini lesson to act as a reminder on what the product…
On rare occasions you will need to log in to MySQL from an SSH shell. To do this, run the following:
cd /opt/arcsight/logger/current/arcsight/bin
./mysql -u arcsight -p arcsight
Summary
This procedure obtains a new CA-signed SSL certificate when the existing certificate has expired, the hostname has changed, or when switching from a self-signed to a CA-signed SSL certificate, optionally with Subject Alternative Names (SAN), using the arcsight keytool commands.
Products…
Objective
The objective of this section is to expand your EBS volumes when RAID 0 is configured.
Current setup
On our cluster, all 6 nodes currently have the following configuration:
8 * 150 GB EBS volumes (i.e., equivalent to 1.2 TB)…
This guide walks through the key concepts and structure of ArcSight SOAR integration plugins and provides step-by-step descriptions with code samples for both REST-API-based and SSH-based integrations.
Original Question: Reminder: Microsoft Windows Event Log – Unified Connector (WUC) Reached End of Support by Kousalya_N
In case you missed it, in the SmartConnector 8.3.0 Release Notes published in February 2022, the Microsoft Windows Event Log – Unified…
To export Trends, run the following commands:
DBTODUMP=arcsight
SQL="SET group_concat_max_len = 10240;"
SQL="${SQL} SELECT GROUP_CONCAT(table_name separator ' ')"
SQL="${SQL} FROM information_schema.tables WHERE table_schema='${DBTODUMP}'"
SQL…
As of March 2022, BlackCat/ALPHV ransomware as a service (RaaS) had compromised at least 60 entities worldwide and is the first ransomware group to do so successfully using Rust, considered to be a more secure programming language that offers improved…
March 31, 2022
This guide walks through adding Fusion 1.5 to an existing ESM 7.6 deployment. First, we’ll install the ArcSight Platform “from the ground up” with CentOS 7.9 Minimal installed nodes. Then, we’ll configure SSO with Fusion and ESM. Contents…
Technical Insights for You
When: Wednesdays across multiple time zones
Where: GoTo Webinar link provided to registered participants
Cost: Free
Best Practice for ArcSight Logger, March 9
Speaker: Serguei Esquivel, WW Customer…
SecOps - Log Management by Recon, March 2nd
16:00 - 17:00 (CET) / 10.00…
In this session we will cover a few areas related to the non-SaaS ArcSight Intelligence product, with a focus on troubleshooting. This training is designed…
Hi all!
/MAYBE I JUST COMPLICATED MY LIFE TOO MUCH, I JUST SIMPLY WANTED A SHINY INTELLIGENCE UI WITH ALL THE AVAILABLE SOLUTIONS./
While I've been testing the capabilities of Intelligence, I was wondering why I couldn't enrich entities like 'printer…
November 12, 2021
Below are threat hunting searches that can be used in ArcSight Recon. The MITRE ATT&CK searches are Logger searches from the MITRE ATT&CK Package for ArcSight Logger on ArcSight Marketplace. These searches can be used in ArcSight…
Original Question: How to set up a .csv file imported into ArcSight from a networked drive in either a batch or real-time process? by foluwa_fmr
Verified answer by pbrettle
You have a CSV file and you want to get this into ArcSight ESM
Let me cover…
April 1, 2022
These guides walk through adding SOAR to an existing ESM deployment. First, we’ll cover ESM content that needs to be configured. Next, we’ll install the ArcSight Platform “from the ground up” with CentOS 7.9 Minimal installed nodes. Then…
Taming the Security Alert Tsunami with Automation
If an organization is running a Security Operations Centre (SOC) that is overwhelmed with a tsunami of alerts, find out what to do about it with our new SecOps blog! …
Ransomware Reality and Survival
The ransomware kill chain usually consists of multiple tactics such as initial access, persistence, lateral movement, and exfiltration. For example, the most common ransomware attack…
Secure your IoT: Why smart attack and insider threat detection is key
As we retrieve real-time data from IoT devices and count on it to be accurate, it is important to know that those devices are secure and transmitting…
Can Artificial Intelligence Truly Enhance Cybersecurity and our Ability to Adapt to Threats?
Tell your followers that with the ever-increasing cyber threats that organizations face today, Artificial Intelligence is needed…
In ArcMC or in agent.properties:
ArcMC:
Look for reservedkeys.db.oracle.jdbc.driver.OracleDriver.regex and replace the current entry with:
jdbc:oracle:thin:@(?:.*[Hh][Oo][Ss][Tt]\s*=\s*)?(?:\[(\S+)\]|([^:)]*))(?:(?:.*[Pp][Oo][Rr][Tt]\s*=\s*|:)…