L1-Threat Intelligence - Indicators and Warnings (Obsolete)

181214

OpenText OpenText Community

App Support Tiers

OpenText SUPPORTED

Support via OpenText Software Support, with a ticket filed against the associated product.

PARTNER

OpenText offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by OpenText of the OpenText community.

OpenText COMMUNITY

OpenText Community Content is provided by OpenText for the benefit of customers, support for it is not available via OpenText Software Support but through specific community content forums.

COMMUNITY

Community Contributed Content is provided by OpenText customers and supported by them.

EARLY ACCESS

Show less ...Show more

The downloads referenced under the "Cybersecurity Early Access" category are made available to subscribers to mitigate time-critical issues but have not undergone formal quality and performance testing associated with official OpenText/Cybersecurity product releases. OpenText has a multi-stage Quality Assurance process. During Stage 1 we conduct a resource analysis, field mapping, ensure content level 1 functionality and analysis in our sandbox environment. Stage 2 is a complete validation including production validation. This package has cleared Stage 1 validation and therefore should be deployed with the appropriate pre-production validation. OpenText strongly recommends that any downloaded content is first checked and tested thoroughly in a non-production environment before committing to production. We welcome feedback and, should any content be shown to be faulty, detrimental or carry an incorrect claim of authorship, we shall endeavor to remove or correct such content as promptly as reasonably possible once notified and validated.

OpenText | OpenText Community

2,301 downloads

Product compatibility

Description

**The latest version 1.3 is now updated to use campaign information from STIX/TAXII server.**

**This package is now updated to use an open-source STIX/TAXII server as a source to collect and normalize threat data.**

This package populates, displays, and monitors the Threat Model, which is used to detect and contextualize potential malicious activity based on intelligence derived from a site-specific mix of threat intelligence sources. This package uses the open-source Collective Intelligence Framework (CIF) to collect and normalize threat data from open source, proprietary, and internal sources.

User cases supported by this package include:

Populate Threat Model from a variety of heterogeneous intelligence feeds
Enrich events with Threat Model data
Display and report upon Threat Model activity

**NEW** Please note, this update does not require a new download of the L1 Threat Intelligence package. Please follow the instructions to update the solution for STIX/TAXII here: https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/L1ThreatIntelligence#a_41_STIX_47TAXII

This version is able to collect:

HIDDEN COBRA data feeds - https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/HiddenCobraThreat
Ransomware data feeds - https://ransomwaretracker.abuse.ch/feeds/csv

For more detail, please visit https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/L1ThreatIntelligence

Minimum Requirements

• Active Base - Version 2.4.0.0 and later.

Releases

Release

Size

Date

L1-Threat Intelligence 1.4.0.0

76.2 KB

Nov 18, 2019

More info Less info

Product compatibility

OpenText Enterprise Security Manager

Version 6.8 · 6.11.0 · 6.9.1

Version 7.0 · 7.2 · 7.3 · 7.4 · 7.5 · 7.6 · 7.7 · 7.8

Release notes

Fix bugs related to suspicious file hash use case.

Languages

English

Files

L1-Threat Intelligence 1.3.0.0

62.0 KB

May 23, 2018

More info Less info

Product compatibility

OpenText Enterprise Security Manager

Version 6.8 · 6.11.0 · 6.9.1

Version 7.0 · 7.2 · 7.3 · 7.4 · 7.5 · 7.6 · 7.7 · 7.8

Release notes

Ability to collect campaign information from STIX/TAXII and use it in content.

Languages

English

Files

L1-Threat Intelligence 1.2.0.0

66.4 KB

Sep 1, 2017

More info Less info

Product compatibility

OpenText Enterprise Security Manager

Version 6.8 · 6.11.0 · 6.9.1

Version 7.0 · 7.2 · 7.3 · 7.4 · 7.5 · 7.6 · 7.7 · 7.8

Release notes

Added file hash use case to this package.

Languages

English

Files

L1-Threat Intelligence 1.1.0.0

61.9 KB

Nov 16, 2016

More info Less info

Product compatibility

OpenText Enterprise Security Manager

Version 6.8 · 6.11.0

Version 7.0 · 7.2 · 7.3 · 7.4 · 7.5 · 7.6 · 7.7 · 7.8

Release notes

Ability to collect Ransomware data feeds (https://ransomwaretracker.abuse.ch/feeds/csv)

Languages

English

Files

L1-Threat Intelligence 1.0.0.0

56.7 KB

Sep 8, 2016

More info Less info

Product compatibility

OpenText Enterprise Security Manager

Version 6.8 · 6.11.0

Version 7.0 · 7.2 · 7.3 · 7.4 · 7.5 · 7.6 · 7.7 · 7.8

Release notes

Beta version of L1 Activate Threat Intel package

Languages

English

Files

Resources

Documentation

Activate License

Activate Framework

Discussion Forum

Activate Framework Installation and Configuration

Marketplace

Marketplace

L1-Threat Intelligence - Indicators and Warnings (Obsolete)

Product compatibility

CATEGORY

Description

Minimum Requirements

Releases

Resources

Sign in

Marketplace

L1-Threat Intelligence - Indicators and Warnings (Obsolete)

App Support Tiers

Product compatibility

CATEGORY

Description

Minimum Requirements

Releases

Resources

Unsubscribe from notifications

Marketplace Terms of Service

Your download has begun