Error while installing Malware dependency package :

Could Not Find C:\arcsight\Console\current\L1-Malware Monitoring - Indicators adn Warnings 1.0.0.5\L

1-Perimeter_and_Network_Monitoring_-_Indicators_and_Warnings_-_Customizations_*.arb

Any help?

Hi Mary,

You need to copy the installation files into \current\ . If you extract the .zip it extracts the files to \current\L1-Malware Monitoring - Indicators adn Warnings 1.0.0.5\ which will give you that error.

Chris

After installation I noticed the filters associated with the rule pointed to a filter which was called no events. Is this normal?

I noticed the same thing.  I went to other filters and there are no conditions for any.  I am guessing we have to build our own content????!!!!

You are going to have to install the McAfee packs and hook them into the filters. I haven’t seen anything for Symantec or other products.

Similar process to the perimeter packs.

/J

Ok, thanks!

Also, any idea where the Downloads_Groups_1.0.arb can be located?  This is needed for the Suspicious Outbound Traffic Monitoring use case from marketplace.

I don't know, need HP guidance on this.

Sent from my iPhone

When you download the zip file for Suspicious Outbound Traffic Monitoring, you will find Downloads_Groups_1.0.arb file within the zip file.

John (and John 😉 ),

You can find the Downloads_Groups_1.0.arb file in the Brute Force Attack package zip file on the Marketplace.

Brute Force Attack | HPE Marketplace

Yay...more websites to scour...

Thanks Brent and Mary,

Yea I noticed the file after opening up one of the packages from Marketplace.  Duh, John........