L2-Network Monitoring - Situational Awareness

This is the official forum for the discussion of the L2-Network Monitoring - Situational Awareness package.

The installation/update package is available from the ArcSight Marketplace. All new and updated Activate Framework packages are available on the ArcSight Marketplace (https://marketplace.microfocus.com/arcsight).

The documentation is available at https://hpe-sec.com/foswiki/bin/view/ArcSightActivate/L2NetworkMonitoring.

--
Prentice S. Hayes
Product Management, Cybersecurity - ArcSight
OpenText

  • Same here, I could not find Proxy Identified Exploit Kit Queries

  • Hey,

    Apologies for the delayed response. I just installed the L1-Network Monitoring and L2-Network Monitoring packages, as well as the L1-Perimeter Monitoring and L2-Perimeter Monitoring packages. For /All Rules/Real-time Rules/ArcSight Activate/Solutions/Network Monitoring/Situational Awareness/Web Proxy Identified Exploit Traffic, the conditions should look like this: WebProxyIdentifiedExploitTrafficConditions.png

    I know this sounds lame, but I cannot reproduce the problem you've stated. The list is at /All Active Lists/ArcSight Activate/Solutions/Network Monitoring/Situational Awareness/Proxy Identified Exploit Kit Queries.

    Hope this helps,

    --

    Prentice

    --
    Prentice S. Hayes
    Product Management, Cybersecurity - ArcSight
    OpenText
