This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
aakashk1
Lieutenant Commander Lieutenant Commander
Lieutenant Commander
‎2016-11-04 10:50
784 views

How to check Traffic flowing from Security devices to and fro BAD IP/ Malicious Sites

Jump to solution

Hi All,

Want to know how can we check if traffic flowing from (Firewall/Proxy) to and fro contains BAD IP or Malicious site IP Address.

Thanks,

A.K

0 Likes
Reply
Report Inappropriate Content
1 Solution

Accepted Solutions
varunraaj
Vice Admiral Vice Admiral
Vice Admiral
‎2016-11-14 03:49

Jump to solution

Hi Ak,

You mean to say that Malicious IP is not in the RepsM list? Or it is in list but not being used for rule ?

Regards,

Varun P G

View solution in original post

0 Likes
Reply
Report Inappropriate Content
6 Replies
priyamalik1
Absent Member.
Absent Member.
‎2016-11-04 11:00

Jump to solution

Hi,

Steps Are:

1. First collect a malicious IP list, saved these IP's to active list

2. Create a rule which will compare these malicious IP's with your security devices event's source IP and Destination IP.

3. If any match occurred, saved those events to another active list (Rule Action).

Done 🙂

Please let me know if you want consolidated malicious IP List.

Thanks and Regards,

0 Likes
Reply
Report Inappropriate Content
aakashk1
Lieutenant Commander Lieutenant Commander
Lieutenant Commander
‎2016-11-04 11:37

Jump to solution

Hi Priya,

Thanks for your reply.

Please share the consolidated malicious IP List. Also if you can share from which Site we can get these details.

Also can you share more detailed steps for the process as I am New to Arcsight.

Thanks,

A.K

0 Likes
Reply
Report Inappropriate Content
aakashk1
Lieutenant Commander Lieutenant Commander
Lieutenant Commander
‎2016-11-07 07:26

Jump to solution

Hi Priya,

Thanks for your reply.

Please share the consolidated malicious IP List. Also if you can share from which Site we can get these details.

Also can you share more detailed steps for the process as I am New to Arcsight.

Thanks,

A.K

0 Likes
Reply
Report Inappropriate Content
varunraaj
Vice Admiral Vice Admiral
Vice Admiral
‎2016-11-07 10:00

Jump to solution

Hi AK,

You have a licensed component in ArcSight called "RepSM" which would fulfill your need.

To know about that component you could reach service people with your valid SAID.

Regards,

Varun P G

0 Likes
Reply
Report Inappropriate Content
aakashk1
Lieutenant Commander Lieutenant Commander
Lieutenant Commander
‎2016-11-07 10:15

Jump to solution

Hi Varun,

I have RepSM licensed installed. But its not detecting some of the malicious IP Address to and fro

Thanks & Regards,

A.K

0 Likes
Reply
Report Inappropriate Content
varunraaj
Vice Admiral Vice Admiral
Vice Admiral
‎2016-11-14 03:49

Jump to solution

Hi Ak,

You mean to say that Malicious IP is not in the RepsM list? Or it is in list but not being used for rule ?

Regards,

Varun P G

View solution in original post

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.