L1-Threat Intelligence - Indicators and Warnings (Obsolete)

181214

OpenText OpenText Community

App Support Tiers

OpenText SUPPORTED

Support via OpenText Software Support, with a ticket filed against the associated product.

PARTNER

OpenText offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by OpenText of the OpenText community.

OpenText COMMUNITY

OpenText Community Content is provided by OpenText for the benefit of customers, support for it is not available via OpenText Software Support but through specific community content forums.

COMMUNITY

Community Contributed Content is provided by OpenText customers and supported by them.

EARLY ACCESS

Show less ...Show more

The downloads referenced under the "Cybersecurity Early Access" category are made available to subscribers to mitigate time-critical issues but have not undergone formal quality and performance testing associated with official OpenText/Cybersecurity product releases. OpenText has a multi-stage Quality Assurance process. During Stage 1 we conduct a resource analysis, field mapping, ensure content level 1 functionality and analysis in our sandbox environment. Stage 2 is a complete validation including production validation. This package has cleared Stage 1 validation and therefore should be deployed with the appropriate pre-production validation. OpenText strongly recommends that any downloaded content is first checked and tested thoroughly in a non-production environment before committing to production. We welcome feedback and, should any content be shown to be faulty, detrimental or carry an incorrect claim of authorship, we shall endeavor to remove or correct such content as promptly as reasonably possible once notified and validated.

OpenText | OpenText Community

This package populates, displays, and monitors the Threat Model, which is used to detect and contextualize potential malicious activity based on intelligence derived from a site-specific mix of threat intelligence sources.

0 reviews

2,299 downloads

See previous releases

Product compatibility

OpenText Enterprise Security Manager

CATEGORY

ArcSight | Obsolete Packages

Screenshots
Description
Requirements
Suggested apps
Releases
Resources
Reviews

Have questions about this item?

Contact us
Subscribe to receive update notifications for this item
Subscribe

Description

**The latest version 1.3 is now updated to use campaign information from STIX/TAXII server.**

**This package is now updated to use an open-source STIX/TAXII server as a source to collect and normalize threat data.**

This package populates, displays, and monitors the Threat Model, which is used to detect and contextualize potential malicious activity based on intelligence derived from a site-specific mix of threat intelligence sources. This package uses the open-source Collective Intelligence Framework (CIF) to collect and normalize threat data from open source, proprietary, and internal sources.

User cases supported by this package include:

Populate Threat Model from a variety of heterogeneous intelligence feeds
Enrich events with Threat Model data
Display and report upon Threat Model activity

**NEW** Please note, this update does not require a new download of the L1 Threat Intelligence package. Please follow the instructions to update the solution for STIX/TAXII here: https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/L1ThreatIntelligence#a_41_STIX_47TAXII

This version is able to collect:

HIDDEN COBRA data feeds - https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/HiddenCobraThreat
Ransomware data feeds - https://ransomwaretracker.abuse.ch/feeds/csv

For more detail, please visit https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/L1ThreatIntelligence

Minimum Requirements

• Active Base - Version 2.4.0.0 and later.

Suggested apps

OpenText COMMUNITY

L1-WannaCry Malware Detection - Indicators and Warnings...

OpenText

L1-WannaCry Malware Detection - Indicators and Warnings package is intended to support L2-APT10 WannaCry Malware Detection - Situational Awareness to detect WannaCry Malware IOCs incidents.

Data Generator

OpenText

Generates test data at a specified rate. This connector does not require a data source.

Cisco Aironet

OpenText

This Novell Sentinel Collector provides data-capture capabilities for Cisco Aironet and related products.

OpenText COMMUNITY

SmartConnector User's Guide

OpenText

Pretty much everything you need to know about collecting events using ArcSight SmartConnectors.

F5 Firepass

OpenText

This Novell Sentinel Collector provides data-capture capabilities for F5 Firepass and related products.

IBM zOS

OpenText

This Novell Sentinel Collector provides data-capture capabilities for IBM z/OS and related products.

McAfee Network Security Platform

OpenText

This Novell Sentinel Collector provides data-capture capabilities for McAfee Network Security Platform and related products.

Cisco Network Admission Control

OpenText

This Novell Sentinel Collector provides data-capture capabilities for Cisco Network Admission Control and related products.

OpenText COMMUNITY

CHEF Cookbooks for Fortify

OpenText

Releases

Release

Size

Date

L1-Threat Intelligence 1.4.0.0

76.2 KB

|

Nov 18, 2019

More info Less info

Product compatibility

OpenText Enterprise Security Manager

Version 6.8 · 6.11.0 · 6.9.1

Version 7.0 · 7.2 · 7.3 · 7.4 · 7.5 · 7.6 · 7.7 · 7.8

Release notes

Fix bugs related to suspicious file hash use case.

Languages

English

Files

L1-Threat Intelligence 1.3.0.0

62.0 KB

|

May 23, 2018

More info Less info

Product compatibility

OpenText Enterprise Security Manager

Version 6.8 · 6.11.0 · 6.9.1

Version 7.0 · 7.2 · 7.3 · 7.4 · 7.5 · 7.6 · 7.7 · 7.8

Release notes

Ability to collect campaign information from STIX/TAXII and use it in content.

Languages

English

Files

L1-Threat Intelligence 1.2.0.0

66.4 KB

|

Sep 1, 2017

More info Less info

Product compatibility

OpenText Enterprise Security Manager

Version 6.8 · 6.11.0 · 6.9.1

Version 7.0 · 7.2 · 7.3 · 7.4 · 7.5 · 7.6 · 7.7 · 7.8

Release notes

Added file hash use case to this package.

Languages

English

Files

L1-Threat Intelligence 1.1.0.0

61.9 KB

|

Nov 16, 2016

More info Less info

Product compatibility

OpenText Enterprise Security Manager

Version 6.8 · 6.11.0

Version 7.0 · 7.2 · 7.3 · 7.4 · 7.5 · 7.6 · 7.7 · 7.8

Release notes

Ability to collect Ransomware data feeds (https://ransomwaretracker.abuse.ch/feeds/csv)

Languages

English

Files

L1-Threat Intelligence 1.0.0.0

56.7 KB

|

Sep 8, 2016

More info Less info

Product compatibility

OpenText Enterprise Security Manager

Version 6.8 · 6.11.0

Version 7.0 · 7.2 · 7.3 · 7.4 · 7.5 · 7.6 · 7.7 · 7.8

Release notes

Beta version of L1 Activate Threat Intel package

Languages

English

Files

Resources

Documentation

Activate License

Activate Framework

Discussion Forum

Activate Framework Installation and Configuration

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2025-2-1-6322 | Wed Feb 5 16:30:41 PST 2025