
How to check traffic flowing from security devices to and fro bad IP/malicious sites

Hi All,

I want to know how we can check if traffic flowing to and fro from (Firewall/Proxy) contains a bad IP or malicious site IP address.

Thanks,

A.K

Hi,

Steps are:

1. First collect a malicious IP list and save these IPs to an active list.

2. Create a rule which will compare these malicious IPs with your security devices' event source IP and destination IP.

3. If any match occurs, save those events to another active list (Rule Action).

Done 🙂

Please let me know if you want a consolidated malicious IP list.

Thanks and Regards,
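
The three steps above, emulated outside ArcSight as an added example (not part of the original post and not ArcSight rule syntax): a blocklist is matched against the `src` and `dst` fields of CEF events and the hits are collected. The blocklist entries, vendor names and events are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed blocklist (RFC 5737 documentation addresses) for step 1.
BLOCKLIST = ["203.0.113.7", "198.51.100.0/24"]

# Constructed CEF events as a firewall/proxy connector might forward them.
SAMPLE_EVENTS = [
    "CEF:0|ExampleFW|fw|1.0|100|allow|3|src=10.0.0.5 dst=203.0.113.7 dpt=443",
    "CEF:0|ExampleFW|fw|1.0|100|allow|3|src=10.0.0.9 dst=192.0.2.10 dpt=80",
    "CEF:0|ExampleProxy|px|1.0|200|deny|5|src=198.51.100.23 dst=10.0.0.5 dpt=22",
    "CEF:0|ExampleFW|fw|1.0|100|allow|3|src=10.0.0.5 dst=not-an-ip dpt=53",
]

# key=value pairs of the CEF extension; a value runs until the next "key=".
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def load_blocklist(entries):
    """Step 1: turn single IPs and CIDR ranges into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def parse_cef_extension(line):
    """Return the extension fields of one CEF line as a dict ({} if not CEF)."""
    parts = line.split("|", 7)
    if len(parts) < 8 or not parts[0].startswith("CEF:"):
        return {}
    return dict(EXT_RE.findall(parts[7]))


def match_events(lines, networks):
    """Steps 2 and 3: compare src/dst with the list and collect the hits."""
    hits = []
    for line in lines:
        fields = parse_cef_extension(line)
        for key in ("src", "dst"):
            try:
                addr = ipaddress.ip_address(fields.get(key, ""))
            except ValueError:
                continue  # missing or malformed address: skip this field
            if any(addr in net for net in networks):
                hits.append({"field": key, "ip": str(addr), "event": line})
    return hits


if __name__ == "__main__":
    for hit in match_events(SAMPLE_EVENTS, load_blocklist(BLOCKLIST)):
        print(hit["field"], hit["ip"])
```

Checking both fields matters because a listed address can appear as the destination of outbound traffic or as the source of inbound traffic.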

Hi Priya,

Thanks for your reply.

Please share the consolidated malicious IP list. Also, if you can, share which site we can get these details from.

Also, can you share more detailed steps for the process, as I am new to ArcSight?

Thanks,

A.K


Hi AK,

You have a licensed component in ArcSight called "RepSM" which would fulfill your need.

To know about that component you could reach service people with your valid SAID.

Regards,

Varun P G


Hi Varun,

I have RepSM licensed installed. But it's not detecting some of the malicious IP addresses to and fro.

Thanks & Regards,

A.K


Hi Ak,

You mean to say that the malicious IP is not in the RepSM list? Or it is in the list but not being used for the rule?

Regards,

Varun P G
