L2-Malware Monitoring (Obsolete)

209891

OpenText OpenText Community

App Support Tiers

OpenText SUPPORTED

Support via OpenText Software Support, with a ticket filed against the associated product.

PARTNER

OpenText offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by OpenText of the OpenText community.

OpenText COMMUNITY

OpenText Community Content is provided by OpenText for the benefit of customers, support for it is not available via OpenText Software Support but through specific community content forums.

COMMUNITY

Community Contributed Content is provided by OpenText customers and supported by them.

EARLY ACCESS

Show less ...Show more

The downloads referenced under the "Cybersecurity Early Access" category are made available to subscribers to mitigate time-critical issues but have not undergone formal quality and performance testing associated with official OpenText/Cybersecurity product releases. OpenText has a multi-stage Quality Assurance process. During Stage 1 we conduct a resource analysis, field mapping, ensure content level 1 functionality and analysis in our sandbox environment. Stage 2 is a complete validation including production validation. This package has cleared Stage 1 validation and therefore should be deployed with the appropriate pre-production validation. OpenText strongly recommends that any downloaded content is first checked and tested thoroughly in a non-production environment before committing to production. We welcome feedback and, should any content be shown to be faulty, detrimental or carry an incorrect claim of authorship, we shall endeavor to remove or correct such content as promptly as reasonably possible once notified and validated.

OpenText | OpenText Community

L2-Malware Monitoring - Situational Awareness

This package is intended to provide ArcSight context to L1-Malware Monitoring - Indicators and Warnings events, using both the ArcSight Network and Asset Model to alert the SOC Analyst and Operator.

0 reviews

977 downloads

See previous releases

Product compatibility

ArcSight ArcSight ESM

CATEGORY

ArcSight | Obsolete Packages

Screenshots
Description
Requirements
Suggested apps
Releases
Resources
Reviews

Have questions about this item?

Contact us
Subscribe to receive update notifications for this item
Subscribe

Description

This Package provides ArcSight context to L1 Malware Monitoring - Indicators and Warnings User Stories, allowing the SOC Analyst and Operator to identify malware infections on high critical Assets in the internal network. This package requires configured L1-Malware Monitoring - Indicators and Warnings package for further detection and investigations.

The following are some of the User Stories supported by this package:

Unresolved Malware detected in Critical or DMZ Host
Malware Outbreak in Zone
Malware Outbreak in DMZ Zone
Same Malware Infected Multiple Hosts in Zone
Critical and DMZ Host Infected Multiple Times by Different Malware
Critical and DMZ Host Infected Multiple Times by the Same Malware
Malware Auto-Protect Scan Engine Disabled in Critical or DMZ Host

Minimum Requirements

Activate Base - Version 2.5.0.0 and later
L1 Malware Monitoring - Indicators and Warnings

Suggested apps

Cisco Network Admission Control

OpenText

This Novell Sentinel Collector provides data-capture capabilities for Cisco Network Admission Control and related products.

Start Rogue Admin Workflow

OpenText

This Novell Sentinel Action allows you to: Start Rogue Admin Workflow.

OpenText COMMUNITY

Playbook-Block Malicious IPs on Checkpoint R80 NGFW

OpenText

A Playbook for Block Malicious IPs on Checkpoint R80 NGFW Usecase

NetIQ Self Service Password Reset

OpenText

This NetIQ Sentinel Collector provides data-capture capabilities for NetIQ Self Service Password Reset and related products.

Qualys QualysGuard

OpenText

This NetIQ Sentinel Collector provides data-capture capabilities for Qualys QualysGuard and related products.

ThreatConnect App for ArcSight

ThreatConnect

More than 1,200 companies and agencies worldwide use ThreatConnect to unite their cybersecurity people, processes and technologies behind a cohesive intelligence-driven defense.

Sqrrl Threat Hunting Solution for ArcSight

Sqrrl

Sqrrl delivers the power of analytics-driven threat hunting to HPE ArcSight. Sqrrl's Threat Hunting solution extends ArcSight's threat detection capabilities with adversarial behavior analytics, user and entity risk scoring and unique Behavior Graph.

IBM zOS

OpenText

This Novell Sentinel Collector provides data-capture capabilities for IBM z/OS and related products.

OpenText COMMUNITY

Playbook-Multiple Authentication Failure

OpenText

A Playbook for Multiple Authentication Failure Usecase

Releases

Release

Size

Date

L2-Malware Monitoring 1.1.0.2

22.1 KB

|

Nov 12, 2019

More info Less info

Product compatibility

ArcSight

Version 7.0 · 7.2

Version 6.11

Release notes

Rules tagged with MITRE ATT&CK

Languages

English

Files

L2-Malware Monitoring 1.1.0.1

19.1 KB

|

Aug 14, 2018

More info Less info

Product compatibility

OpenText Enterprise Security Manager

Version 6.8 · 6.11.0 · 6.9.1

Version 7.0 · 7.2 · 7.3 · 7.4 · 7.5 · 7.6 · 7.7 · 7.8

Release notes

Micro Focus rebranding changes

Languages

English

Files

L2-Malware Monitoring 1.1.0.0

18.0 KB

|

Feb 28, 2017

More info Less info

Product compatibility

OpenText Enterprise Security Manager

Version 6.8 · 6.11.0 · 6.9.1

Release notes

Latest Version.

Languages

English

Files

Resources

Activate License

Documentation

Change Log and Discussion Forum

ArcSight Activate Framework

Activate Wiki

Activate Framework Installation and Configuration

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2025-2-1-6322 | Wed Feb 5 16:30:41 PST 2025