ScorpionSting

Sentinel Feeds


In case you haven't noticed..... abuse.ch seems to have died a nasty
death, so Feeds are not working....


--
-"Also now available in 'G+'
(http://plus.google.com/+BenWalter-Kiwi) and 'Website'
(https://www.isam.kiwi/) format".- 😉
------------------------------------------------------------------------
ScorpionSting's Profile: https://forums.netiq.com/member.php?userid=469
View this thread: https://forums.netiq.com/showthread.php?t=54596


rochfo

Re: Sentinel Feeds


Yep, I do wish it was easier to incorporate feeds like this into
Sentinel, they can be very valuable. I manually create correlation
rules to utilise IOCs when they are released by the AV companies but it
can be an overhead.


--
rochfordp

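As an added illustration (not code from this thread, from Sentinel, or from abuse.ch) of the manual IOC correlation rochfordp describes, and of why the dead feed in the opening post matters: a small Python rule that parses a constructed abuse.ch-style plain-text blocklist, matches constructed events against it, and refuses to run when the feed has no generation header or is older than an assumed 24-hour limit, so a dead feed fails loudly instead of silently matching nothing. The feed text, events, timestamps and age limit are all constructed or assumed.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed feed snapshot in abuse.ch's plain-text blocklist style; not real data.
FEED_TEXT = """\
# Generated: 2016-07-01 08:00:00 UTC
198.51.100.23
203.0.113.0/24
bad-example.invalid
"""

# Constructed events in the normalised shape a SIEM rule would receive.
EVENTS = [
    {"id": 1, "src": "10.0.0.5", "dst": "198.51.100.23", "dns": None},
    {"id": 2, "src": "10.0.0.9", "dst": "203.0.113.77", "dns": None},
    {"id": 3, "src": "10.0.0.9", "dst": "192.0.2.8", "dns": "bad-example.invalid"},
    {"id": 4, "src": "10.0.0.2", "dst": "192.0.2.9", "dns": "fine.example"},
]
NOW = datetime(2016, 7, 1, 12, 0)      # constructed evaluation time (UTC, naive)
MAX_FEED_AGE = timedelta(hours=24)     # assumed freshness requirement for the feed


def parse_feed(text):
    """Return (generated_at, ip_networks, domains) from a blocklist snapshot."""
    generated, nets, domains = None, [], set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# Generated:"):
            stamp = line.split(":", 1)[1].strip().replace(" UTC", "")
            generated = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        elif line and not line.startswith("#"):
            try:
                nets.append(ipaddress.ip_network(line, strict=False))
            except ValueError:      # not an IP or CIDR, so treat it as a hostname
                domains.add(line.lower())
    return generated, nets, domains


def correlate(feed_text, events, now):
    """Match events against the feed; refuse to run on a stale or headerless feed."""
    generated, nets, domains = parse_feed(feed_text)
    # A dead feed must fail loudly: a rule that quietly matches nothing looks healthy.
    if generated is None or now - generated > MAX_FEED_AGE:
        raise RuntimeError("IOC feed missing or stale; refusing to correlate")
    hits = []
    for ev in events:
        dst = ipaddress.ip_address(ev["dst"])
        if any(dst in net for net in nets):
            hits.append((ev["id"], "ip", str(dst)))
        elif ev["dns"] and ev["dns"].lower() in domains:
            hits.append((ev["id"], "domain", ev["dns"].lower()))
    return hits
```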
DCorlette1

Re: Sentinel Feeds


Hi rochfordp,

Feeds are intended to be plug-ins just like Collectors or Actions. In
fact, we'll likely move all our "polling" type Collectors, notably the
vuln scanners, to become feeds. As part of this we'll promote feeds to
be first-class citizens within the SDK so you can create your own.

Can you provide us with more information about what process you follow
to "create correlation rules to utilise IOCs when they are released by
the AV companies"? For the AV companies you use, what form does this
release take? Are they using STIX or anything like that? Can you give
us a specific example of an IOC that you used to create a rule, and what
the rule looked like?

rochfordp;262201 Wrote:
> Yep, I do wish it was easier to incorporate feeds like this into
> Sentinel, they can be very valuable. I manually create correlation
> rules to utilise IOCs when they are released by the AV companies but it
> can be an overhead.



--
DCorlette

DCorlette1

Re: Sentinel Feeds


We're aware of this and making adjustments. Thanks!

ScorpionSting;262159 Wrote:
> In case you haven't noticed..... abuse.ch seems to have died a nasty
> death, so Feeds are not working....



--
DCorlette

ScorpionSting

Re: Sentinel Feeds


https://www.abuse.ch/?p=9010

