Absent Member.

Integration of third party tool with Arcsight

Hi All,

I wanted to integrate third-party tools or applications with ArcSight and make it more intelligent, mainly focusing on external threats. Any suggestions?

Regards,

Nikhilesh

Absent Member.

Hi Nikhilesh,

One piece of advice: be very, very specific in your questions, or people might not bother to answer.

Like external threats - what kind of threats?

Third-party tools - what kind of tools?

Regards,

Sujay

Absent Member.

Hi Sujay,

Thanks. The main intention is to make the ArcSight tool more intelligent by collecting data from various sources, to make monitoring and investigation deeper. The external threats are things such as suspicious traffic from malicious IPs and domains, attacks, injecting commands into web servers, DoS attacks, traffic towards C&C servers, etc. Regarding tools, I am asking for inputs and suggestions that enable detecting the above attacks; these may also be scripts, URLs, or websites from which I can get the relevant information.

Contributor.

Yup,

For threat intelligence, you can either write a script that contains the list of URLs where you can find databases of malicious IPs/domains etc., so the script will fetch the data from the given URLs to import into ArcSight and do correlation with network/security device logs etc.

Or manually get a copy of the list of malicious IPs/domains from reputation sites such as Zeustracker, SANS, malcode, etc., and import it into an active list via an Excel sheet, but this needs some manual effort, as the list should be updated frequently.

Otherwise, go for ArcSight RepSM, which is a separate module that does the same thing as above but with real-time information from HP's own reputation site.

Hope this helps.

regards,

Santhosh I

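The script approach suggested in the reply above, as an added example that is not code from any poster in this thread: it validates and deduplicates a downloaded blocklist before it is turned into a CSV for active list import, and rejects internal addresses so a bad feed cannot flag normal traffic. The sample feed is constructed, and the function names, the `sample-feed` source label and the three-column CSV layout are assumptions.

```python
import csv, io, ipaddress, re
from urllib.parse import urlsplit

# Internal ranges: a feed that lists these would flag normal internal traffic.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]
DOMAIN_RE = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed sample feed: documentation-range IPs and example domains only.
SAMPLE_FEED = """# constructed sample blocklist
203.0.113.10
198.51.100.7   # trailing comment
10.0.0.5
192.0.2.300
EVIL.example.com
evil.example.com.
http://bad.example.net/path
"""

def normalise(line):
    """Return (value, kind) for one feed line, or None if it is unusable."""
    entry = line.split("#", 1)[0].strip().lower().rstrip(".")
    if "://" in entry:                    # URL feeds: keep only the host
        entry = urlsplit(entry).hostname or ""
    try:
        ip = ipaddress.ip_address(entry)
    except ValueError:
        return (entry, "domain") if DOMAIN_RE.match(entry) else None
    if ip.version != 4 or any(ip in net for net in INTERNAL_NETS):
        return None                       # IPv6 is skipped in this example
    return (str(ip), "ip")

def build_active_list(feed_text, source):
    """Validate and deduplicate a feed; return (csv_text, rejected_lines)."""
    seen, rejected = set(), []
    for raw in feed_text.splitlines():
        if not raw.split("#", 1)[0].strip():
            continue                      # blank or comment-only line
        item = normalise(raw)
        if item:
            seen.add(item)
        else:
            rejected.append(raw.strip())
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["indicator", "type", "source"])  # assumed column layout
    writer.writerows([v, k, source] for v, k in sorted(seen))
    return out.getvalue(), rejected
```

The rejected lines are returned rather than silently dropped so that a feed which suddenly starts listing internal or malformed entries can be reviewed before the next import.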
Absent Member.

Hi Nikhilesh,

I have some scripts to download data, sources to get bad IPs and bad domains, and an ArcSight custom parser to get the data into ArcSight. Will share it with you tomorrow.

Regards,

Sujay

Absent Member.

Hi Sujay,

Any chance you can share that script?

Thanks

Regards

Absent Member.

Hi Michael,

Ya, totally forgot about this. Will share it tomorrow.

Regards,

Sujay

Absent Member.

Dear All,

I have been working on something. Instead of using the script, I have hosted a site for Threat Intelligence data. You can download bad IP and bad domain details in CSV or TXT format. I have some connectors which you can use to get the data directly into ArcSight.

Site access is restricted. Please PM me if you need access.

Regards,

Sujay
