prentice@hpe.co Honored Contributor.

Activate Development

Hey everyone,

Here is all the information I have on what packages are being developed or have been requested. It is incomplete, and probably out of date. Please update accordingly.

I've made a few changes to match changes to Activate, such as changing "Epic (use case category)" to "Defense Monitoring in Depth (DMiD) Layer".

 If there is no contact information, that means that someone has requested it, but nobody has taken it up.

Defense Monitoring in Depth (DMiD) Layer(s) | Package | Owner/Developer | Contact Information | Status | Notes

Network Monitoring

Perimeter Monitoring

P-McAfee Web Gateway

 

 

Beta package created

User Monitoring

P-Type80

Activate Experts   Package 90% complete, need testing.
Application Monitoring P-Apache HTTPD and Tomcat        
Security System Monitoring P-ArcSight Management Center     Rules structure done. Need to complete documentation

Network Monitoring

P-Nessus Activate Experts   Work in Progress

Perimeter Monitoring

P-Blue Coat Proxy Activate Experts activate p blue coat proxy Package and documentation written and uploaded to internal site.
Perimeter and Network Monitoring P-F5 AFM       In progress

Network Monitoring

P-FireEye NX        

Network Monitoring

P-IBM Proventia Activate Experts   Work in Progress

Network Monitoring

P-IBM XGS        

Perimeter Monitoring

P-Imperva WAF       In progress

Perimeter Monitoring

P-IPCOM FW        

Perimeter Monitoring

P-Juniper Firewall       In progress

Host Monitoring

User Monitoring

P-Linux HPE//​ Activate Experts   Currently, RHEL/CentOS, need other distro testing
Malware Monitoring P-CylancePROTECT Beirne Konarski Activate Experts Written and documented, need to submit to Marketplace.  
Malware Monitoring P-McAfee Intrushield Shaz€      
Malware Monitoring P-Sophos AV        
Malware Monitoring P-Symantec End Point Protection   Published at https://marketplace.microfocus.com/arcsight/content/activate-p-symantec-endpoint-protection.  Needs to be updated
Malware Monitoring P-Trend Micro OfficeScan Mike Stephens   Mike S - Lost access to Trend Products.  
Malware Monitoring P-Trend Micro Deep Security Shaz€      
Malware Monitoring P-Carbon Black Beirne Konarski Activate Experts Parser override written to pull fields out of Message, product package written. Testing now, needs documentation.  

Perimeter Monitoring

P-Cisco ISE Activate Experts   Work in Progress

Host Monitoring

P-Tripwire File Integrity Manager Mike Stephens     Initial Build

Perimeter Monitoring

Network Monitoring

P-Fortinet Fortigate and ​ Activate Experts   Work in Progress

Perimeter Monitoring

Network Monitoring

P-Squid Howard Miller      
Application Monitoring P-ProFTPD Activate Experts   Mostly written for user authentication and file transfer, need to adjust a rule and document the package.

Host Monitoring

P-Microsoft Certificate Services Activate Experts   Filters written for System and Service Errors, need to go through the full set of documented events to fill out possibilities, and then write rules.

Host Monitoring

P-Amazon CloudTrail Activate Experts   Package written, rules based on login failures untested, the rest are tested, documentation needed.
Security System Monitoring P-Logger Activate Experts    
Security System Monitoring P-ArcSight ESM Activate Experts    

Network Monitoring

P-Sourcefire Activate Experts activate p sourcefire Rewrote filters for the new Sourcefire CEF script that replaces the SmartConnector.
Activate Base Activate Base HPE (R&D and PS)/ Activate Experts activate base  
Security System Monitoring C-Security System Monitoring - Appliance HPE (R&D and PS)/​ Activate Experts activate c security system monitoring appliance  
Security System Monitoring C-Security System Monitoring - Asset Model HPE (R&D and PS)/​ Activate Experts activate c security system monitoring assetmodel  
Security System Monitoring C-Security System Monitoring - Base HPE (R&D and PS)/​ Activate Experts activate c security system monitoring base  
Security System Monitoring C-Security System Monitoring - Connectors HPE (R&D and PS)/ ​ Activate Experts c security system monitoring connectors  

Perimeter Monitoring

Network Monitoring

L1-Perimeter and Network Monitoring - Indicators and Warnings nobody Activate Experts activate l1 perimeter & network monitoring indicators Deprecated, replaced by the Network Monitoring and the Perimeter Monitoring packages

Perimeter Monitoring

Network Monitoring

L2-Perimeter and Network Monitoring - Situational Awareness nobody Activate Experts perimeter & network monitoring migration for l1 & l2 Deprecated, replaced by the Network Monitoring and the Perimeter Monitoring packages
Templates ArcSight Activate Templates HPE (R&D and PS)/ Activate Experts arcsight activate-templates Templates for developers to use for creating packages for Activate content (Product packages, L1, L2, including pre-populated Active List packages).
Data Security Monitoring L1-Data Security Monitoring - DLP HPE (R&D and PS)/Ashwin Aruldas Activate Experts l1 data security monitoring dlp Data Loss Prevention focused Data Security Monitoring.

Host Monitoring

L1-Host Monitoring - Indicators and Warnings HPE (R&D and PS)/ / /​   l1 host monitoring indicators & warnings  

Host Monitoring

L2-Host Monitoring - Situational Awareness HPE (R&D and PS)///   l2 host monitoring situational awareness  

Network Monitoring

L1-Network Monitoring - Indicators and Warnings HPE (R&D and PS)/ Activate Experts l1-network monitoring-indicators and-warnings  

Network Monitoring

L2-Network Monitoring - Situational Awareness HPE (R&D and PS)/ Activate Experts l2 network monitoring situational awareness  

Perimeter Monitoring

L1-Perimeter Monitoring - Indicators and Warnings HPE (R&D and PS)/ Activate Experts l1 perimeter monitoring indicators & warnings  

Perimeter Monitoring

L2-Perimeter Monitoring - Situational Awareness HPE (R&D and PS)/ Activate Experts l2 perimeter monitoring situational awareness  
Threat Intelligence L1-Threat Intelligence - Indicators and Warnings HPE (R&D and PS)/​ (SEMplicity) Activate Experts l1 threat intelligence  
Threat Intelligence L2-Threat Intelligence - Situational Awareness HPE (R&D and PS)/​ (SEMplicity) Activate Experts l2 threat intelligence  
Threat Intelligence CIF (Collective Intelligence Framework) OSI collector HPE (R&D and PS)/​ (SEMplicity) Activate Experts Information can be found at L1 Threat Intelligence Step2  
Malware Monitoring P-HPE DMA HPE (SE)/​ (R&D)   Published at activate p hpe dns malware analytics  

Perimeter Monitoring

Network Monitoring

Activate P-Palo Alto Networks PAN-OS     Activate wiki template is at PPaloAltoNetworks, needs to be started. Current version is for PAN-OS 6.0, which is out-of-date. Needs updating.

Host Monitoring

P-HPE iLO HPE (R&D and PS)/​ Activate Experts   In Progress
Perimeter Monitoring L1-ISA99_SCADA Perimeter & Network Monitoring Indicators & Warnings (PS)      In Progress

Perimeter Monitoring

P-Zscaler NSSWeblog HPE (PS) ​ and ​   In progress  
Malware Monitoring L1-Malware Monitoring (Anti-Virus) ​ (R&D) Activate Experts In progress  
Malware Monitoring L2-Malware Monitoring (Anti-Virus) ​ (R&D) Activate Experts In progress  
Malware Monitoring L1-Malware Monitoring - Zero Day        
Malware Monitoring L2-Malware Monitoring - Zero Day        

All information is, of course, voluntary. So, if you are working on something and it's not on the list, please add it.

14 Replies
linhvm Super Contributor.

Re: Activate Development

Hi,

Is there any update??

prentice@hpe.co Honored Contributor.

Re: Activate Development

​ updated it on May 17th, 2016 (the latest update timestamp is at the top).

, what kind of update are you looking for?

linhvm Super Contributor.

Re: Activate Development

Hi 

Sorry, I did not notice the update timestamp. I was looking for the development status of the packages. Thanks!

prentice@hpe.co Honored Contributor.

Re: Activate Development

Hey everyone, if you're currently working on a project, please add your contact information. It can be your e-mail address, or your P724 account info for private messages. For contacting HPE folks, that shouldn't be too difficult, since our usernames are our real names (not sure that was such a great idea...). If you are a customer and have a handle, rather than your real name, please make sure someone can contact you.

Thanks,

--

Prentice

u.tejesh@hpe.co1 Contributor.

Re: Activate Development

Hi Team,

Is there any update on the "P-Fortinet Fortigate" package?

Regards,

Tejesh

aizuevo Trusted Contributor.

Re: Activate Development

Hi,

Is there any Malware Monitoring baseline package (L1 & L2 package)?

Regards,

Fakhri

oswaldo.dimas@h Regular Contributor.

Re: Activate Development

Hi Aizuevo,

Yes, we are working on the L1 & L2 Malware Monitoring packages, as well as some anti-malware (virus) product packages. Once they are available in the Marketplace, we would like to have your feedback on them!

Regards

Os

mikeska Absent Member.

Re: Activate Development

Hi there,

I'm wondering why Microsoft Windows is missing? P-Windows has been removed from Marketplace, and there is some message that you are working on it.

On ESM/Express, the default content packages have been removed as well, so the wow effect is missing when a customer installs ESM and there is not much there.

I understand that content has to be "prepared professionally", but it's hard to explain to a customer that it costs an arm and a leg, but when it's up and running it's just empty.

Default content is good to have as a quick win. Windows, VMware and Linux are 90% of companies' infrastructure, and this is missing and backfiring badly.

Just my 2 cents.

And one question: when will the Windows package be back?

Thanks

aizuevo Trusted Contributor.

Re: Activate Development

Hi Dimas,

Thanks for working on it.
I will give feedback as soon as I have installed and tested the package.

Thanks.

pushpendra.rath Outstanding Contributor.

Re: Activate Development

I cannot find any such package on Marketplace, so what is actually meant by P-Type80?

User Monitoring P-Type80

prentice@hpe.co Honored Contributor.

Re: Activate Development

Hey

is still testing this, and he has not yet submitted it to the ArcSight Marketplace. I'm sure that once he's gotten significant testing completed, he will publish the package and its documentation on the Activate Wiki.

Hope this helps,

--

Prentice

Micro Focus Contributor

Re: Activate Development

Hi Pushpendra,

Most of the User Monitoring is moved to the Entity Monitoring Packages.

Regards,

/Henk-Jan

rmwilliams1 Regular Contributor.

Re: Activate Development

Hello, all.

This question is probably for Prentice, but definitely for anyone developing Activate packages. Two things:

Firstly, at the moment, there are two product packages that I require for a current client that do not have installer .BAT files: Cisco ASA and Palo Alto. The Palo Alto wiki documentation is incomplete/template, so I assume that I import the .ARB via the console per usual. Will that accomplish all that is required? I assume so, but wanted to ask.

The Cisco ASA wiki docs describe the .BAT file process for package v1.2.0.0, but package v1.1.0.1, with no .BAT, is available on Marketplace. Should Cisco ASA v1.2.0.0 be out there, or do I just go ahead and import the v1.1.0.1 .ARB via console, as per the PAN package, or should I wait for the v1.2.0.0 package to catch up with the wiki documentation?

Secondly, what is the preferred method for reporting issues in the packages? The L2 Perimeter v0.1.0.0 package has a couple of broken references in Rules to an Active List that it expects in the old Perimeter and Network Monitoring legacy folder (pre-split) which is in fact in the Core/Common (??) folder now. The L2 Network v0.1.0.0 package has a Rule referencing an Active List which does not exist anywhere that I can find, so I will have to create it. Not sure of all the parameters for that AL, but I can create based on what I glean from the .XML file, key fields being the possible outliers.

TIA for any assistance!

RMichael

rmwilliams1 Regular Contributor.

Re: Activate Development

Wondered if there was any update on this. I would prefer to install the latest packages for these two products, but must proceed with my customer-facing project soon. TIA.

RMichael
