L1-Threat Intelligence – Indicators and Warnings

181214

Micro Focus Micro Focus Community


This package populates, displays and monitors the Threat Model, which is used to detect and contextualize potential malicious activity based on intelligence derived from a site-specific mix of threat intelligence sources.
1,361 downloads

Description

**The latest version, 1.3, is now updated to use campaign information from a STIX/TAXII server.**

**This package is now updated to use an open source STIX/TAXII server as a source to collect and normalize threat data.**

This package populates, displays and monitors the Threat Model, which is used to detect and contextualize potential malicious activity based on intelligence derived from a site-specific mix of threat intelligence sources. This package uses the open source Collective Intelligence Framework (CIF) to collect and normalize threat data from open source, proprietary and internal sources.

Use cases supported by this package include:

  • Populate Threat Model from a variety of heterogeneous intelligence feeds
  • Enrich events with Threat Model data
  • Display and report upon Threat Model activity

**NEW** Please note that this update does not require a new download of the L1 Threat Intelligence package. Please follow the instructions to update the solution for STIX/TAXII here: https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/L1ThreatIntelligence#a_41_STIX_47TAXII

This version is able to collect:

For more detail, please visit https://sec.microfocus.com/foswiki/bin/view/ArcSightActivate/L1ThreatIntelligence

Minimum Requirements

 • Active Base - Version 2.4.0.0 and later.

Releases

Release: L1-Threat Intelligence 1.3.0.0
Size: 62.0 KB
Date: May 23, 2018
Product Compatibility: ESM Version 6.8 · 6.9.1 · 6.11.0; Version 7.0
Release Notes: Ability to collect campaign information from STIX/TAXII and use it in content.
Languages: English

Release: L1-Threat Intelligence 1.2.0.0
Size: 66.4 KB
Date: Sep 1, 2017
Product Compatibility: ESM Version 7.0; Version 6.8 · 6.9.1 · 6.11.0
Release Notes: Added file hash use case to this package.
Languages: English

Release: L1-Threat Intelligence 1.1.0.0
Size: 61.9 KB
Date: Nov 16, 2016
Product Compatibility: ESM Version 7.0; Version 6.8 · 6.11.0
Release Notes:
  • Ability to collect Ransomware data feeds (https://ransomwaretracker.abuse.ch/feeds/csv)
Languages: English

Release: L1-Threat Intelligence 1.0.0.0
Size: 56.7 KB
Date: Sep 8, 2016
Product Compatibility: ESM Version 7.0; Version 6.8 · 6.11.0
Release Notes: Beta version of L1 Activate Threat Intel package
Languages: English
