L1-Malware Monitoring Indicators and Warnings

This is the official forum for discussing the ArcSight Activate L1-Malware Monitoring - Indicators and Warnings package, as described in the Activate Wiki

  • Looking through the rules in the L1 malware package, I see they track based on the destination address and not the hostname. Why is that? The address can be changed and reused through DHCP, leading to both false positives and negatives. It seems like the hostname would be more predictable.
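As an added illustration of the DHCP reuse concern raised above (constructed sample data, not ArcSight content or the package's own rules): a toy aggregation that keys its counter on the destination address, beside one that resolves the hostname from the lease active at event time, so the same two indicator hits are attributed differently.

```python
"""Toy model of a SIEM aggregation rule keyed on destinationAddress versus on
the host that actually held the address. All data below is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Lease:
    start: int        # lease start (seconds on a constructed clock)
    end: int          # lease end (exclusive)
    ip: str
    hostname: str


@dataclass(frozen=True)
class Event:
    time: int
    dst_ip: str       # what a rule sees as destinationAddress
    dst_host: str     # destinationHostName, if the feed populates it


# Constructed DHCP history: one address, two different hosts over time.
LEASES = [
    Lease(0, 3600, "10.0.0.25", "laptop-alice"),
    Lease(3600, 7200, "10.0.0.25", "laptop-bob"),
]

# Constructed indicator hits: one per lease, same destination address.
EVENTS = [
    Event(100, "10.0.0.25", "laptop-alice"),
    Event(4000, "10.0.0.25", "laptop-bob"),
]


def host_for(ip, t):
    """Return the hostname holding `ip` at time `t`, or None if no lease matches."""
    for lease in LEASES:
        if lease.ip == ip and lease.start <= t < lease.end:
            return lease.hostname
    return None


def count_by_key(events, key):
    """Simulate an aggregation rule: number of hits per tracked entity."""
    counts = {}
    for e in events:
        k = key(e)
        counts[k] = counts.get(k, 0) + 1
    return counts


def by_address(events):
    return count_by_key(events, lambda e: e.dst_ip)


def by_hostname(events):
    # Prefer the lease-resolved host; fall back to the event's own hostname field.
    return count_by_key(events, lambda e: host_for(e.dst_ip, e.time) or e.dst_host)


def repeat_offenders(counts, threshold):
    """Entities that would trip a 'repeated hits' rule at the given threshold."""
    return sorted(k for k, n in counts.items() if n >= threshold)
```

With a threshold of two hits, the address-keyed counter fires on 10.0.0.25 although each host was seen once, while the hostname-keyed counter fires on nothing.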
