Threat Detection and Response Discussions

Use the active list to detect suspicious IP addresses in any event and change the criticality level to maximum

Bohdan Hotsuliak

Hi Help me implement the mechanics of detecting suspicious addresses in arbitrary events using an actin list. Now I'm trying to describe a rule that will compare the Indicator Value list column and the Device Address field of the event and if there…
- Answered
- 8 months ago
- OpenText Threat Detection and Response (ArcSight)
- Threat Detection and Response Discussions
Compare physical presence vs. logins

MigrationDeletedUser

Hi all, could you please help me with rule(s), which will be able to catch logins (failed and successful) to active directory, but this person isn't in PC's location? We have: 1) Active list with people, who are in buildings (populated by logs from card…
- over 13 years ago
- OpenText Threat Detection and Response (ArcSight)
- Threat Detection and Response Discussions

Resources

Learning Services

Partner Programs

Privacy

Compliance

Help

Company

Privacy Policy
Terms of Use
Cookies Preferences

Accessibility
Anti-Slavery Statement

Support
Contact Us

Careers
Code of Business Conduct and Ethics

The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.