This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

L2-Network Monitoring - Situational Awareness

This is the official forum for the discussion of the L2-Network Monitoring - Situational Awareness package.

The installation/update package is available from the ArcSight Marketplace. All new and updated Activate Framework packages is available on the ArcSight Marketplace (https://marketplace.microfocus.com/arcsight).

 

The documentation is available at https://hpe-sec.com/foswiki/bin/view/ArcSightActivate/L2NetworkMonitoring.

--
Prentice S. Hayes
Principal Product Manager | Cybersecurity Enterprise, Security Analytics
OpenText Cybersecurity

LinkedIn: https://www.linkedin.com/in/prenticeshayes/ 

Website: https://www.opentext.com/

Parents
  • 0

    Same here, I could not find Proxy Identified Exploit Kit Queries

  • 0   in reply to 

    Hey,

    Apologies for the delayed response. I just installed the L1-Network Monitoring and L2-Network Monitoring packages, as well as the L1-Perimeter Monitoring and L2-Perimeter Monitoring packages. For /All Rules/Real-time Rules/ArcSight Activate/Solutions/Network Monitoring/Situational Awareness/Web Proxy Identified Exploit Traffic, the conditions should look like this:WebProxyIdentifiedExploitTrafficConditions.png

     I know this sounds lame, but I cannot reproduce the problem you've stated. The list is at /All Active Lists/ArcSight Activate/Solutions/Network Monitoring/Situational Awareness/Proxy Identified Exploit Kit Queries.

    Hope this helps,

    --

    Prentice

     

     

     

     

    --
    Prentice S. Hayes
    Principal Product Manager | Cybersecurity Enterprise, Security Analytics
    OpenText Cybersecurity

    LinkedIn: https://www.linkedin.com/in/prenticeshayes/ 

    Website: https://www.opentext.com/

  • 0   in reply to   

    Hi Prentice

    I just did a clean install of the L2-Network_Monitoring_-_Situational_Awareness_0.1.0.0 package, this was not an upgrde. I got the same problem where theres a reference to the Proxy Identified Exploit Kit Queries Active List under /Perimeter and Network Monitoring/Situational Awareness which dosnt exist in my enviroment.

    error.JPG

    It doesnt look like the Active List is included in the package also..

    Cheers

    Mark

Reply
  • 0   in reply to   

    Hi Prentice

    I just did a clean install of the L2-Network_Monitoring_-_Situational_Awareness_0.1.0.0 package, this was not an upgrde. I got the same problem where theres a reference to the Proxy Identified Exploit Kit Queries Active List under /Perimeter and Network Monitoring/Situational Awareness which dosnt exist in my enviroment.

    error.JPG

    It doesnt look like the Active List is included in the package also..

    Cheers

    Mark

Children