Micro Focus Contributor

L1-Data Security Monitoring - Data Loss Prevention (DLP) - Indicators and Warnings

This is the official forum for discussing the basic ArcSight Activate L1-Data Security Monitoring - Data Loss Prevention (DLP) - Indicators and Warnings package, as described in the Activate Wiki page for the package.

Micro Focus Expert

Re: L1-Data Security Monitoring - Data Loss Prevention (DLP) - Indicators and Warnings

I'm implementing the package and noticed something. The Device Event Category should start with "/Rule/Fire/Activate" instead of "/All Rules/ArcSight Activate/Solutions".

oswaldo.dimas@h Regular Contributor.

Re: L1-Data Security Monitoring - Data Loss Prevention (DLP) - Indicators and Warnings

Hi Bernie,

Thanks for your comments, we will make the necessary changes and apply them for the next version. Also, we may need to change the package resources to add the root for every resource type.

oswaldo.dimas@h Regular Contributor.

Re: L1-Data Security Monitoring - Data Loss Prevention (DLP) - Indicators and Warnings

1.0.0.1 Release is published in the Marketplace:

  •  Removed Resources Tab modified in Package Resource to suit Activate Framework Best Practices 
  •  Device Event Category field was fixed.
ricardoraza51 Trusted Contributor.

Re: L1-Data Security Monitoring - Data Loss Prevention (DLP) - Indicators and Wa

Hi, I have a doubt: what is the reason that, when I install this package, all the filters have the condition False?

Micro Focus Expert

Re: L1-Data Security Monitoring - Data Loss Prevention (DLP) - Indicators and Wa

You will need to hook in the product packages to the L1 content. When L1 packages are installed, by default, no product packages are hooked in and that's why the filter conditions are false. The Marketplace link does not have a link to the Wiki on how to do that; I will report that and get that addressed. To hook product packages in, see this link: https://hpe-sec.com/foswiki/bin/view/ArcSightActivate/L1DataSecurityMonitoringDLP#Content_Hooks_for_Product_Packages.
