L1-Perimeter Monitoring - Indicators and Warnings
This is the official forum for the discussion of the L1-Perimeter Monitoring - Indicators and Warnings package.
The installation/update package will be available from the ArcSight Marketplace. All new and updated Activate Framework packages will be made available on the ArcSight Marketplace (https://marketplace.microfocus.com/arcsight).
The documentation is available at https://hpe-sec.com/foswiki/bin/view/ArcSightActivate/L1PerimeterMonitoring.
We imported the Activate package before importing the 3 packages which is the pre-requisite of the three.
After importing the packages, all the filters from the 3 package only says "false" which returns no events when we try to run it in an active channel.
Are we missing something? Do we need to configure something first?
You will need to load Activate Product Packages and hook them into the L1 Solution Packages. The instructions for hooking in the Product Packages are on the Activate Wiki. You should find links to this under the Resources section of the Product Packages. Below is a link to how to configure the hooks for the McAfee ePO VirusScan Product Package.