• Report false positive for ArcSight Threat Intelligence

    We recently discovered that our website has been added to the "suspicious" category of ArcSight Threat Intelligence via the VirusTotal tool. We tried to send a request to these email addresses: arcsight-virustotal@microfocus.com and mfi-cyberresarcsightsales…
  • Please where can I navigate to view the Arcsight Threat Intelligence?

    Arcsight ESM
  • Sigma rules guide: threat hunting for ESM, ArcSight Command Center and Logger

    Hello dear community, As you know, ArcSight ESM is only as smart as the content that we build there. After sharing hundreds of rules through the last 2 years in response to WannaCry, NotPetya, Bad Rabbit etc., we quickly came to the realization that there is a…
  • Open source Threat Intelligence integration into 6.9.1 ESM

    Hi Guys, I need to integrate Open source Threat Intelligence in 6.9.1 ESM to monitor malicious IPs, domains and URLs. Request your assistance on how to configure it. Kindly provide the documentation, if anyone has it, to do this. Regards, Syed Yusuf…
  • HOWTO: Threat Intel and Logger - simple options of integration

    The subject of using Logger to do some simple threat intelligence analysis comes up from time to time and I thought I would put some effort into providing some examples of what I have done in the past. Logger has the ability to integrate Lookup lists…
  • Threat Intelligence with Arcsight

    Hello, my name is Emanuel Palmeira. I have a question about Threat Intelligence integration with ArcSight. I have a SQL Server database with Threat Intelligence data, and I would like to integrate it with ArcSight, but I'm not sure how to do it. I know ArcSight…
  • L1-Threat Intelligence: CIF Server FlexConnector

    This is the official forum for discussing the CIF Server FlexConnector, as described in the Activate Wiki .
  • L2-Threat Intelligence - Situational Awareness

    This is the official forum for discussing the basic ArcSight Activate L2-Threat Intelligence - Situational Awareness package, as described in the Activate Wiki . Version 1.1.0.0 TI: (L2-Threat_Intelligence_-_Situational_Awareness_1.1.0.0.arb) New…
  • L1-Threat Intelligence - Indicators and Warnings

    This is the official forum for discussing the basic ArcSight Activate L1-Threat Intelligence - Indicators and Warnings package, as described in the Activate Wiki . Version 1.1.0.0 TI: (L1-Threat_Intelligence_-_Indicators_and_Warnings_1.1.0.0.arb) …
  • Threat Intelligence Talk from SANS DFIR Summit

    Interesting talk from the SANS DFIR Summit 2016 by Robert M. Lee and Erick Mandt DFIR Summit 2016: Leveraging Cyber Threat Intelligence in an Active Cyber Defense - YouTube
  • soc-prime-ransomware-hunter-basic-1.2.zip

  • Hunting Ransomware using ArcSight: proactive detection & response

    Hello dear community, This is a thread with free content to detect and stop Ransomware using the ArcSight ESM & Express platform. As you know, Ransomware attacks have risen drastically in number during the last 3 years. Total damage amount caused to organizations…
  • Qbot Botnet - Exfiltration - Threat

    Dear All, Qakbot (aka Qbot) is an information stealing botnet capable of spreading across a network via network shares. Although Qakbot has been infecting computers since 2009, US-CERT has observed a recent increase in reporting of new infections. Please…
  • Open Source Intelligence - Discussion

    Hello guys, I'm interested in integrating an open source intelligence tool into ArcSight. I'm used to ArcOSI and at a crossroads now, and I'd like to hear opinions on the subject. What do you think of implementing ArcOSI, and necessarily creating use…
  • RepSM/DVLabs Active-Lists

    Been running the RepSM package for a few months now... I'm noticing that the malicious IP and Domain lists have no TTL on them, which seems to be resulting in false positives for our analysts. I'm sure this is for a good reason (long-standing bad actors)…
  • Kaspersky Labs Technical Details Report - The Mystery of Duqu 2.0 - A Sophisticated Cyberespionage Actor Returns - Jun 2015

    Kaspersky Labs released a Technical Details Report on the Duqu 2.0 malware used in the intrusion they recently reported. There are a lot of solid technical details in here that can be used to add to the IOCs identified here -> Please feel free to update…
  • Duqu 2.0 Malware - Indicators of Compromise

    IP Addresses - Command and Control (C2) Servers:
    182.253.220.29
    186.226.56.103
    File Hash Values - MD5 SUM - Action Loaders:
    089a14f69a31ea5e9a5b375dc0c46e45
    16ed790940a701c813e0943b5a27c6c1
    26c48a03a5f3218b4a10f2d3d9420b97
    a6dcae1c11c0d4dd146937368050f655
    acbf2d1f8a419528814b2efa9284ea8b…
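Two of the threads above touch the same mechanism from different sides: the Logger/RepSM posts rely on lookup or active lists of indicators, and the RepSM post notes that lists with no TTL keep producing false positives, while the Duqu 2.0 post supplies concrete indicator values. The following is an added example written for this page, not code from any of the threads or from ArcSight itself. It models an indicator list with a per-entry TTL, matches a few constructed events against it, and shows how the same events stop matching once the entries age out. The indicator values are the Duqu 2.0 C2 IPs and loader MD5s quoted in the IOC post; the events, field names (`src_ip`, `dst_ip`, `file_hash`), dates and TTL are assumptions made for the example.

```python
"""Indicator lookup list with TTL, matched against sample events.

Added example for this page; it is not code from the forum threads or from
ArcSight. Indicator values come from the "Duqu 2.0 Malware - Indicators of
Compromise" post above. Events, field names, dates and the TTL are
constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Indicators quoted in the Duqu 2.0 IOC post.
DUQU2_C2_IPS = ["182.253.220.29", "186.226.56.103"]
DUQU2_LOADER_MD5 = [
    "089a14f69a31ea5e9a5b375dc0c46e45",
    "16ed790940a701c813e0943b5a27c6c1",
    "26c48a03a5f3218b4a10f2d3d9420b97",
    "a6dcae1c11c0d4dd146937368050f655",
    "acbf2d1f8a419528814b2efa9284ea8b",
]

# Assumed reference time (the report is dated June 2015) and a small helper.
T0 = datetime(2015, 6, 15)


def days(n: int) -> timedelta:
    return timedelta(days=n)


@dataclass
class Indicator:
    value: str
    ioc_type: str              # "ip" or "md5"
    source: str                # where the indicator came from
    added: datetime
    ttl: Optional[timedelta]   # None = never expires (the behaviour the RepSM post describes)

    def expired(self, now: datetime) -> bool:
        return self.ttl is not None and now >= self.added + self.ttl


class ActiveList:
    """Minimal stand-in for an ESM active list / Logger lookup list."""

    def __init__(self, default_ttl: Optional[timedelta] = None):
        self.default_ttl = default_ttl
        self.entries: Dict[str, Indicator] = {}

    def add(self, value: str, ioc_type: str, source: str, now: datetime,
            ttl: Optional[timedelta] = None) -> None:
        key = value.strip().lower()          # normalise so hash case does not matter
        self.entries[key] = Indicator(key, ioc_type, source, now, ttl or self.default_ttl)

    def lookup(self, value: str, now: datetime) -> Optional[Indicator]:
        ind = self.entries.get(value.strip().lower())
        if ind is None or ind.expired(now):
            return None
        return ind

    def purge(self, now: datetime) -> int:
        """Drop expired entries; returns how many were removed."""
        stale = [k for k, ind in self.entries.items() if ind.expired(now)]
        for k in stale:
            del self.entries[k]
        return len(stale)


def build_list(now: datetime, ttl: Optional[timedelta] = None) -> ActiveList:
    al = ActiveList(default_ttl=ttl)
    for ip in DUQU2_C2_IPS:
        al.add(ip, "ip", "duqu2-ioc-post", now)
    for h in DUQU2_LOADER_MD5:
        al.add(h, "md5", "duqu2-ioc-post", now)
    return al


# Constructed sample events (assumed field names); not real log data.
SAMPLE_EVENTS: List[dict] = [
    {"id": 1, "src_ip": "10.0.0.12", "dst_ip": "182.253.220.29"},                    # outbound to a C2 IP
    {"id": 2, "src_ip": "10.0.0.15", "dst_ip": "93.184.216.34"},                     # benign destination
    {"id": 3, "host": "ws-07", "file_hash": "ACBF2D1F8A419528814B2EFA9284EA8B"},      # loader MD5, upper-case
    {"id": 4, "host": "ws-09", "file_hash": "d41d8cd98f00b204e9800998ecf8427e"},      # MD5 of an empty file
]

# Which event fields are compared against which indicator type.
FIELDS = {"src_ip": "ip", "dst_ip": "ip", "file_hash": "md5"}


def match_events(events: List[dict], al: ActiveList, now: datetime) -> List[Tuple[int, str, str, str]]:
    """Return (event id, field, indicator value, source) for every field that hits a live entry."""
    hits = []
    for ev in events:
        for fld, ioc_type in FIELDS.items():
            val = ev.get(fld)
            if val is None:
                continue
            ind = al.lookup(val, now)
            if ind is not None and ind.ioc_type == ioc_type:
                hits.append((ev["id"], fld, ind.value, ind.source))
    return hits


if __name__ == "__main__":
    with_ttl = build_list(T0, ttl=days(90))
    print("day 0 hits:", match_events(SAMPLE_EVENTS, with_ttl, T0))
    print("day 120 hits:", match_events(SAMPLE_EVENTS, with_ttl, T0 + days(120)))
    print("purged:", with_ttl.purge(T0 + days(120)))
    no_ttl = build_list(T0)
    print("day 120 hits, no TTL:", match_events(SAMPLE_EVENTS, no_ttl, T0 + days(120)))
```

With a 90-day TTL the two true hits (the C2 destination and the loader hash) fire on day 0 and are silent by day 120, and `purge` removes all seven entries; the list built without a TTL keeps matching indefinitely, which is the behaviour the RepSM post describes. The hash match survives the upper-case value because keys are normalised on both insert and lookup; a production list should also record the indicator source so an analyst can judge the age and origin of a hit.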