Coronavirus (COVID-19) - SOC Prime Package

204774

SOC Prime Community

App Support Tiers

OpenText SUPPORTED

Support via OpenText Software Support, with a ticket filed against the associated product.

PARTNER

OpenText offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by OpenText of the OpenText community.

OpenText COMMUNITY

OpenText Community Content is provided by OpenText for the benefit of customers, support for it is not available via OpenText Software Support but through specific community content forums.

COMMUNITY

Community Contributed Content is provided by OpenText customers and supported by them.

EARLY ACCESS

Show less ...Show more

The downloads referenced under the "Cybersecurity Early Access" category are made available to subscribers to mitigate time-critical issues but have not undergone formal quality and performance testing associated with official OpenText/Cybersecurity product releases. OpenText has a multi-stage Quality Assurance process. During Stage 1 we conduct a resource analysis, field mapping, ensure content level 1 functionality and analysis in our sandbox environment. Stage 2 is a complete validation including production validation. This package has cleared Stage 1 validation and therefore should be deployed with the appropriate pre-production validation. OpenText strongly recommends that any downloaded content is first checked and tested thoroughly in a non-production environment before committing to production. We welcome feedback and, should any content be shown to be faulty, detrimental or carry an incorrect claim of authorship, we shall endeavor to remove or correct such content as promptly as reasonably possible once notified and validated.

SOC Prime | Community

COVID-19 Security Package from SOC Prime is the set of search queries to detect the most active attacks that were detected during the COVID-19 specific phishing and other threats brought on by increased teleworking.

387 downloads

Description

Rules in the package cover 6 MITRE ATT&CK Techniques:

Spearphishing Attachment (T1193)
Scripting (T1064)
Deobfuscate/Decode Files or Information (T1140)
PowerShell (T1086)
Registry Run Keys / Startup Folder (T1060)
Scheduled Task (T1053)

Rules contributed by Florian Roth, SOC Prime team, @blu3_team, Markus Neis, Daniel Bohannon, Roberto Rodriguez

More details about coronavirus phishing campaign and attacks https://socprime.com/en/blog/covid-19-coronavirus-phishing/

Minimum Requirements

ArcSight Command Center
ArcSight Logger

Suggested apps

New

OpenText COMMUNITY

SmartConnector User's Guide

OpenText

Pretty much everything you need to know about collecting events using ArcSight SmartConnectors.

NetIQ Privileged Account Manager

OpenText

This NetIQ Sentinel Collector provides data-capture capabilities for NetIQ Privileged Account Manager and related products.

FREE

New

OpenText

Process

OpenText

This Novell Sentinel Connector allows you to start external processes and capture the output from those processes.

FREE

New

OpenText

Novell Access Governance Suite

OpenText

This Novell Sentinel Collector provides data-capture capabilities for Novell Access Governance Suite and related products.

New

OpenText COMMUNITY

WebInspect API Scanning (WISwag)

OpenText

WebInspect 19.2.0 supports simplified API scanning by directly consuming OpenAPI (Swagger) and Odata API definitions.

Cisco Network Admission Control

OpenText

This Novell Sentinel Collector provides data-capture capabilities for Cisco Network Admission Control and related products.

FREE

New

OpenText COMMUNITY

Which Tor

OpenText

An Integration command which check if IP address belongs to Tor or not

McAfee Vulnerability Manager

OpenText

This NetIQ Sentinel Collector provides data-capture capabilities for McAfee Vulnerability Manager and related products.

New

Community

Fortify SonarQube Plugin

James Rabon

Fortify SonarQube plug-in allows for importing Fortify scan results from Software Security Center into SonarQube.

1,160

Releases

Release

Size

Date

v.1.0.0 1

15.6 KB

Apr 1, 2020

More info Less info

Product compatibility

OpenText Enterprise Security Manager

Version 6.8 · 6.11.0 · 6.9.1

Version 7.0 · 7.2 · 7.4 · 7.5 · 7.6 · 7.7 · 7.8

Release notes

Version 1.0.0:

Initial version

Inside the file, you will find a bunch of search queries to detect threats. Just copy and paste it to Event search in the ArcSight ESM Command Center or Logger.

Languages

English

Files

Marketplace

Marketplace

Coronavirus (COVID-19) - SOC Prime Package

Product compatibility

CATEGORY

Description

Minimum Requirements

Suggested apps

SmartConnector User's Guide

NetIQ Privileged Account Manager

Process

Novell Access Governance Suite

WebInspect API Scanning (WISwag)

Cisco Network Admission Control

Which Tor

McAfee Vulnerability Manager

Fortify SonarQube Plugin

Releases

Sign in

Marketplace

Coronavirus (COVID-19) - SOC Prime Package

App Support Tiers

Product compatibility

CATEGORY

Description

Minimum Requirements

Suggested apps

SmartConnector User's Guide

NetIQ Privileged Account Manager

Process

Novell Access Governance Suite

WebInspect API Scanning (WISwag)

Cisco Network Admission Control

Which Tor

McAfee Vulnerability Manager

Fortify SonarQube Plugin

Releases

Unsubscribe from notifications

Marketplace Terms of Service

Your download has begun