L1-Threat Intelligence - Indicators and Warnings

This is the official forum for discussing the basic ArcSight Activate L1-Threat Intelligence - Indicators and Warnings package, as described in the Activate Wiki.

Version 1.1.0.0 TI: (L1-Threat_Intelligence_-_Indicators_and_Warnings_1.1.0.0.arb)

Modified Resources:

/All Rules/ArcSight Activate/Solutions/Threat Intelligence/Indicators and Warnings/Populate Suspicious Address List

--
Prentice S. Hayes
Product Management, Cybersecurity - ArcSight
OpenText

  • Hi all,

    Just starting to try this package with limited success. It seems the events are feeding upstream but are not parsing correctly. I suspect our source CSV output file(s) from the CIF may be messed up. Is there a working example of a known good CSV file that we can use as a sanity check / model?

    BTW, the config screencap (config.png) in the wiki instructions at Step 5 does not appear to be available...?

    Any feedback appreciated

    Thanks.....
