L2-Network Monitoring - Situational Awareness

This is the official forum for the discussion of the L2-Network Monitoring - Situational Awareness package.

The installation/update package is available from the ArcSight Marketplace. All new and updated Activate Framework packages are available on the ArcSight Marketplace (https://marketplace.microfocus.com/arcsight).

The documentation is available at https://hpe-sec.com/foswiki/bin/view/ArcSightActivate/L2NetworkMonitoring.

--
Prentice S. Hayes
Principal Product Manager | Cybersecurity Enterprise, Security Analytics
OpenText Cybersecurity

LinkedIn: https://www.linkedin.com/in/prenticeshayes/ 

Website: https://www.opentext.com/

Parents
  • 0

    Hi,


    I installed the L2-Network Monitoring - Situational Awareness package and noticed a broken resource.  The rule "Web Proxy Identified Exploit Traffic" is dependent on an Active List that does not exist.

    Rule /All Rules/Real-time Rules/ArcSight Activate/Solutions/Network Monitoring/Situational Awareness/Web Proxy Identified Exploit Traffic depends on resource /All Active Lists/ArcSight Activate/Solutions/Perimeter and Network Monitoring/Situational Awareness/Proxy Identified Exploit Kit Queries that cannot be found.

    On a side note, from the L2-Perimeter Monitoring - Situational Awareness package I noticed 2 broken resources: the rules "Egress Communications to Suspicious Region" and "Ingress Communications from Suspicious Region".

    Rule /All Rules/Real-time Rules/ArcSight Activate/Solutions/Perimeter Monitoring/Situational Awareness/Egress Communications to Suspicious Region depends on resource /All Active Lists/ArcSight Activate/Solutions/Perimeter and Network Monitoring/Situational Awareness/Suspicious Region - ITAR_OFAC Countries that cannot be found

    and

    Rule /All Rules/Real-time Rules/ArcSight Activate/Solutions/Perimeter Monitoring/Situational Awareness/Ingress Communications from Suspicious Region depends on resource /All Active Lists/ArcSight Activate/Solutions/Perimeter and Network Monitoring/Situational Awareness/Suspicious Region - ITAR_OFAC Countries that cannot be found

    I used the latest packages available from the HP Marketplace and installed them in the order below.  Older versions of the packages which require migration were never installed.

    ArcSight Activate Base 2.4.0.0

    L1-Perimeter Monitoring - Indicators and Warnings

    L2-Perimeter Monitoring - Situational Awareness

    L1-Network Monitoring - Indicators and Warnings

    L2-Network Monitoring - Situational Awareness

    Has anyone else experienced this?  What's the best way to resolve this issue with the broken resources?
