Micro Focus ArcSight ESM-CEF
With this Playbook and Job App, you can deploy Indicators and logs from Micro Focus ArcSight ESM to ThreatConnect using the syslog protocol and CEF-formatted lines. Common Event Format (CEF) is a logging and auditing file format from ArcSight: an extensible, text-based format designed to support multiple device types by carrying the most relevant information.
The ThreatConnect ArcSight ESM integration gives ArcSight users the ability to leverage customizable threat intelligence from ThreatConnect inside ArcSight. The App takes users' aggregated logs from ArcSight and combines them with their threat intelligence in ThreatConnect. ThreatConnect provides context for indicators and enables teams to spot abnormal trends and patterns and act on them efficiently. Users can quickly look up and create indicators, report false positives, and record the frequency with which particular indicators are observed in their network. Users can tie their data to Playbooks, ThreatConnect's orchestration capability, to automate nearly any cybersecurity task, respond to threats faster, and send data to other systems in the security stack.
The following actions are included:
- The Add action sets the action value in the formatted line to add.
- The Remove action sets the action value in the formatted line to remove.
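To make the CEF line format concrete, here is an added example (not the ThreatConnect App's or ArcSight's own code) that builds a line carrying an indicator with the add/remove action and parses it back, honouring the CEF escaping rules for pipes in the header and equals signs in the extension. The vendor/product names, the signature IDs, and the extension keys `act` and `request` are assumed placeholders; the page does not state which keys the App actually uses.

```python
import re

# CEF header layout, from the CEF specification:
# CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
HEADER_KEYS = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")
ACTIONS = ("add", "remove")  # the two actions the App writes into the line

def _esc_header(v: str) -> str:
    # Header fields escape backslash and the pipe delimiter.
    return v.replace("\\", "\\\\").replace("|", "\\|")

def _esc_ext(v: str) -> str:
    # Extension values escape backslash and '=' and encode line breaks.
    return v.replace("\\", "\\\\").replace("=", "\\=").replace("\r", "\\r").replace("\n", "\\n")

def build_cef(action: str, indicator: str, severity: int = 5) -> str:
    """Format one indicator as a CEF line carrying the add/remove action."""
    if action not in ACTIONS:
        raise ValueError(f"action must be one of {ACTIONS}")
    # Vendor, product, signature ID and the keys 'act'/'request' are assumed placeholders.
    header = ("CEF:0", "ThreatConnect", "Indicator Export", "1.0",
              f"indicator-{action}", f"Indicator {action}", str(severity))
    ext = {"act": action, "request": indicator}
    return ("|".join(_esc_header(f) for f in header) + "|"
            + " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items()))

def _split_header(line: str):
    # Consume the seven pipe-delimited header fields, honouring '\|' escapes;
    # everything after the seventh pipe is the extension and is left untouched.
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):
            cur.append(line[i + 1]); i += 2; continue
        if c == "|":
            fields.append("".join(cur)); cur = []
        else:
            cur.append(c)
        i += 1
    if len(fields) < 7:
        raise ValueError("malformed CEF line: fewer than 7 header delimiters")
    return fields, line[i:]

# key=value pairs; values may contain spaces and escaped '\=' / '\\' sequences.
_EXT_RE = re.compile(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|$)")

def parse_cef(line: str) -> dict:
    """Parse a CEF line into header fields plus an 'extension' dict."""
    fields, ext = _split_header(line)
    rec = dict(zip(HEADER_KEYS, fields))
    rec["version"] = rec["version"][4:] if rec["version"].startswith("CEF:") else rec["version"]
    unesc = lambda v: re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m[1], m[1]), v)
    rec["extension"] = {k: unesc(v) for k, v in _EXT_RE.findall(ext)}
    return rec
```

A receiver that splits on every `|` or `=` without honouring the escapes would misparse an indicator such as `a=b|c`, which is why both sides of the round trip are shown.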
These apps can be found in the ThreatConnect App Catalog under the following names: Micro Focus ArcSight ESM – CEF (Playbook) and Micro Focus ArcSight ESM – CEF (Organization).