However I prefer if we can import these data into MISP Circl, thus we don't need to create or change anything on the ESM
April 23rd 2020
The content has been updated as mentioned below:
Scan Titan Feeds as on 21st April 2020 has been updated.
Covid related MITRE Content has been updated to lookup in the Active lists.
Saved searches and Search Filters from SOC Prime has been added.
Active list has been changed from Event Based to Field Based.
Geo Communications Dashboard has been added.
Correlation rules has been tuned further.
April 5th 2020
The content for ArcSight has been created by leveraging the Threat Feeds available from Scan Titan and Anomali.
These Threat Feeds consists of Host Names, IP Address, Domain Names, Email Address, URL’s, Subject Line, HASH, Encryption Types comprises of up to 15000 Indicators of compromise.
With ArcSight ESM this content can be leveraged or added to other existing COVID-19 ArcSight Contents.
This content will be updated with more use cases in the coming days.
For feedback please reach out to me on my email PAVAN.RAJA@MICROFOCUS.COM