L1-Malware Monitoring - Indicators and Warnings
This package is the initial content release for AV solution integration. It provides some basic use cases for detecting malware within an environment.
See the latest Activate Wiki Content for details (1.0.10 or later).
To install or upgrade:
1 - Download L1-Malware Monitoring - Indicators and Warnings 126.96.36.199.zip
2 - Extract it to your Microsoft Windows console installation's current directory (e.g., c:\arcsight\console\current)
3 - Execute L1MalwareUpdate.bat and follow the instructions
DO NOT INSTALL THIS PACKAGE USING THE CONSOLE!!!
Also, a big thanks to and his team for helping pull this together!
You need to copy the installation files into \current\. If you extract the .zip, it extracts the files to \current\L1-Malware Monitoring - Indicators and Warnings 188.8.131.52\, which will give you that error.
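The install steps above (extract into the console's current directory, run L1MalwareUpdate.bat, never import through the console) and the nested-folder mistake described in the reply can be scripted so the files always land directly in \current\. The following PowerShell is an added example, not part of the package, its installer or any of the posts here; it assumes PowerShell 5 or later for Expand-Archive, and the zip path and console path are placeholders to adjust for your installation.

```powershell
# Added example (not the package's own installer): stage the L1-Malware Monitoring
# package so that L1MalwareUpdate.bat sits directly in the console's "current"
# directory, then launch it from there.
# Assumptions: PowerShell 5+ (Expand-Archive); both paths below are placeholders.
param(
    [string]$ZipPath        = 'C:\PLACEHOLDER\path\to\downloaded-package.zip',
    [string]$ConsoleCurrent = 'C:\arcsight\console\current'
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $ConsoleCurrent -PathType Container)) {
    throw "Console directory not found: $ConsoleCurrent"
}

# Extract into a scratch folder first. The archive may unpack into a single
# top-level folder, and copying that folder into \current\ is what triggers
# the install error; we want the files themselves in \current\.
$staging = Join-Path $env:TEMP ('l1malware-' + [guid]::NewGuid().ToString('N'))
Expand-Archive -LiteralPath $ZipPath -DestinationPath $staging -Force

$root    = $staging
$entries = @(Get-ChildItem -LiteralPath $root -Force)
if ($entries.Count -eq 1 -and $entries[0].PSIsContainer) {
    # Single nested folder: descend into it so its contents are copied, not the folder.
    $root = $entries[0].FullName
}

if (-not (Test-Path -LiteralPath (Join-Path $root 'L1MalwareUpdate.bat'))) {
    throw "L1MalwareUpdate.bat not found in the extracted package; inspect the zip before copying anything into $ConsoleCurrent"
}

# Copy the package contents straight into \current\ (overwrites older files on upgrade).
Copy-Item -Path (Join-Path $root '*') -Destination $ConsoleCurrent -Recurse -Force

# Sanity check: the batch file must now be directly under \current\, not in a subfolder.
$bat = Join-Path $ConsoleCurrent 'L1MalwareUpdate.bat'
if (-not (Test-Path -LiteralPath $bat)) { throw "Staging failed: $bat is missing" }

Remove-Item -LiteralPath $staging -Recurse -Force

# Run the installer from \current\; it is interactive, so follow its prompts.
# Per the package notes, the package is not to be imported through the console UI.
Start-Process -FilePath $bat -WorkingDirectory $ConsoleCurrent -Wait -NoNewWindow
```

Run it from an elevated PowerShell prompt as the account that owns the console installation; the check for L1MalwareUpdate.bat before the copy is what prevents a half-copied \current\ if the archive layout is not what you expected.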
You are going to have to install the McAfee packs and hook them into the filters. I haven’t seen anything for Symantec or other products.
Similar process to the perimeter packs.
Also, any idea where the Downloads_Groups_1.0.arb can be located? This is needed for the Suspicious Outbound Traffic Monitoring use case from marketplace.