Using MISP Threat Intelligence With ArcSight ESM v2

Uploaded by

Tarasko

0% found this document useful (0 votes)

13 views41 pages

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pdf or txt

0% found this document useful (0 votes)

13 views41 pages

Using MISP Threat Intelligence With ArcSight ESM v2

Uploaded by

Tarasko

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pdf or txt

Jump to Page

You are on page 1of 41

Search inside document

Using MISP threat intelligence

with ArcSight ESM

v2
Malware Information Sharing Platform
https://www.misp-project.org/

 Threat Sharing Platform

 Free, Open Source
 MITRE ATT&CK Compatible
 More than 6,000 organizations worldwide are using MISP
How does ArcSight ESM use MISP?

 MISP Instance
 MISP Community Instance https://www.misp-project.org/communities/
or
 MISP Local Instance https://www.misp-project.org/download/
 Deployment
 Threat Intelligence Platform https://marketplace.microfocus.com/arcsight/content/esm-default-content
 Model Import Connector for MISP
Threat Intelligence Platform
https://marketplace.microfocus.com/arcsight/content/esm-default-content

 Included with ESM 7.2

 With a fresh install, you will be prompted to install the package
 With an upgrade, the package is imported but is not installed
 Download from Marketplace for…
 ESM 7.0
 ESM 6.11.0
 ESM 6.9.1
 ESM 6.8
Threat Intelligence Platform
Content used in this guide

 Active Lists (Indicators of Compromise)

 Suspicious Addresses
 Suspicious Domains
 Suspicious Hashes
 Suspicious URLs
 Suspicious Emails
 Dashboard
 Reputation Data Overview
 Integration Command
 VirusTotal Hash Lookup
Model Import Connector for MISP
https://community.microfocus.com/t5/ESM-and-ESM-Express/Model-Import-Connector-for-MISP-
Malware-Information-Sharing/ta-p/2752381
 Micro Focus Security ArcSight SmartConnectors Framework 7.14.0
 ArcSight-7.14.0.8248.0-MispModelConnector-Linux64.bin
ArcSight-7.14.0.8248.0-MispModelConnector-Win64.exe
MISP Instance (Community or
Local Instance)
MISP Community Instance
https://www.circl.lu/services/misp-malware-information-sharing-platform/#how-to-request-
access

8
MISP Local Instance
https://www.misp-project.org/download/

 Platforms

9
Setting up a MISP Local Instance
(Virtual Image)
Download the MISP Virtual Image
https://www.circl.lu/misp-images/

https://www.misp-project.org/download/#virtual-images

11
MISP.baseurl
https://github.com/MISP/MISP/issues/4687

 MISP.baseurl needs to be set in the Virtual Image

 If this is not changed, you will see navigation errors
 Login
 misp / Password1234
 Run
 sudo /var/www/MISP/app/Console/cake Baseurl ""
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Setting up the Threat Intelligence
Platform content
How does ArcSight ESM use MISP?

 The Threat Intelligence Platform Package must be Imported and Installed

 The Threat Intelligence Platform Group must be linked to Real-time Rules
Setting up the Model Import
Connector for MISP
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
27
28
Testing the Threat Intelligence
Platform content

CCNA Cybersecurity Operations v1.0 Skills Assessment Answer
Document4 pages
CCNA Cybersecurity Operations v1.0 Skills Assessment Answer
endang shara
97% (32)
12 CS Project - 2023-24
Document3 pages
12 CS Project - 2023-24
J. Dey
0% (2)
Amazon Web Services in Action
From Everand
Amazon Web Services in Action
Michael Wittig
No ratings yet
Advanced Attack Detection Using OSSIM
Document11 pages
Advanced Attack Detection Using OSSIM
Marcelo Laurenti
No ratings yet
Kaspersky Threat Intelligence
Document5 pages
Kaspersky Threat Intelligence
Semir Seferovic
60% (5)
IBM API Connect Installation On Windows
Document2 pages
IBM API Connect Installation On Windows
Arunachalam Sekar
No ratings yet
Project Proposal
Document3 pages
Project Proposal
Wahab Khan
No ratings yet
Mic Misp Config Guide
Document15 pages
Mic Misp Config Guide
Quang Trung
No ratings yet
15 Essential Open Source Security Tools: Nmap Port Scanning Tool Nmap Installed
Document9 pages
15 Essential Open Source Security Tools: Nmap Port Scanning Tool Nmap Installed
CA1 Oran
100% (1)
Kaspersky 1
Document7 pages
Kaspersky 1
Jonathan Quezada
No ratings yet
Welcome To International Journal of Engineering Research and Development (IJERD)
Document5 pages
Welcome To International Journal of Engineering Research and Development (IJERD)
IJERD
No ratings yet
How To Integrate Kaspersky Threat Data Feeds With AlienVault
Document12 pages
How To Integrate Kaspersky Threat Data Feeds With AlienVault
anet
No ratings yet
Metasploit - Pen Test & Cybersecurity Guide
Document76 pages
Metasploit - Pen Test & Cybersecurity Guide
mamaslittleboy20
No ratings yet
In The Wake of Solarwinds Compromise
Document10 pages
In The Wake of Solarwinds Compromise
alfred.x.andrews
No ratings yet
Ontap SMB Vul CVE 2023
Document8 pages
Ontap SMB Vul CVE 2023
Saurabh Lanjekar
No ratings yet
Scor 09
Document9 pages
Scor 09
Ahmed El kayal
No ratings yet
Unit V
Document85 pages
Unit V
Raghavendra Vithal Goud
No ratings yet
Weekly Cyber Security Threat Updates 8th Oct To 14th Oct PDF
Document15 pages
Weekly Cyber Security Threat Updates 8th Oct To 14th Oct PDF
Akash Agrawal
No ratings yet
20 Best Ethical Hacking Tools & Software For Hackers (2021)
Document19 pages
20 Best Ethical Hacking Tools & Software For Hackers (2021)
anusha chekuri
100% (1)
ASS5
Document5 pages
ASS5
amitsagar gowda
No ratings yet
Exam 434146339Z-184
Document15 pages
Exam 434146339Z-184
Albert Ross
No ratings yet
Firmfuzz: Automated Iot Firmware Introspection and Analysis
Document7 pages
Firmfuzz: Automated Iot Firmware Introspection and Analysis
deinemama
No ratings yet
Summer Internship Project
Document15 pages
Summer Internship Project
aditya
No ratings yet
Install Guide FirePower Module On Cisco ASA v1.1
Document22 pages
Install Guide FirePower Module On Cisco ASA v1.1
Raphael Bech
100% (1)
Discovering Oracle Accounts With
Document40 pages
Discovering Oracle Accounts With
Steven Conley
No ratings yet
Junos Practice SEC 1
Document8 pages
Junos Practice SEC 1
HafidHariyadhi
No ratings yet
Factory
Document17 pages
Factory
cesar.econocom
No ratings yet
Metasploitation: H D Moore Director of Security Research
Document28 pages
Metasploitation: H D Moore Director of Security Research
andypriyatna
No ratings yet
Simh
Document16 pages
Simh
Master Physics
No ratings yet
Bug Search: Tools & Resources
Document3 pages
Bug Search: Tools & Resources
nag_nag19
No ratings yet
Arc Sight Enterprise Security Manager
Document4 pages
Arc Sight Enterprise Security Manager
Zoumana Diomande
No ratings yet
Lab 3
Document4 pages
Lab 3
Shiv Patel
No ratings yet
Hunting For Malware
Document15 pages
Hunting For Malware
advajayltiwari
No ratings yet
Session 1 VU21997
Document24 pages
Session 1 VU21997
cryptailmine
No ratings yet
Research Blogs Feed
Document22 pages
Research Blogs Feed
Héctor Javier Herrera
No ratings yet
ESAPI Security Bulletin1
Document4 pages
ESAPI Security Bulletin1
Snig Kav
No ratings yet
Configuring Host-Based IDS and IPS Devices
Document10 pages
Configuring Host-Based IDS and IPS Devices
Satish Gade
No ratings yet
PDF文档
Document3 pages
PDF文档
black hat
No ratings yet
Metasploit: A Powerful Penetration Testing Framework
Document6 pages
Metasploit: A Powerful Penetration Testing Framework
444nahid
No ratings yet
Crime Automation & Reporting System 1
Document43 pages
Crime Automation & Reporting System 1
anon_84208589
No ratings yet
MCP Deployment Guide PDF
Document472 pages
MCP Deployment Guide PDF
Pacho Pachangas
No ratings yet
Solarissig Ai
Document24 pages
Solarissig Ai
Udhayashankar Dhayalan
No ratings yet
Nmap Flanscan Vulners TechSeg
Document6 pages
Nmap Flanscan Vulners TechSeg
Roman Potapov
No ratings yet
Cisco
Document73 pages
Cisco
Mohamed Wahieb
No ratings yet
Practical Mobile App Attack
Document277 pages
Practical Mobile App Attack
sarfw
No ratings yet
Fin7 Jssloader Final Web
Document25 pages
Fin7 Jssloader Final Web
sadsada12e12312
No ratings yet
Automated Threat Detection Guide For 11.0
Document20 pages
Automated Threat Detection Guide For 11.0
Malek Aldossary
No ratings yet
Easttom PPT 06 Final
Document36 pages
Easttom PPT 06 Final
Rizki Hela Salam
No ratings yet
CAD Tools PDF
Document5 pages
CAD Tools PDF
ramanathj
No ratings yet
Practical Cloud Computing
Document17 pages
Practical Cloud Computing
Mahesh Chauhan
No ratings yet
Deploying ML Production (Flask - API)
Document27 pages
Deploying ML Production (Flask - API)
priyankar sinha
No ratings yet
Azure Sentinel-A Real-World Example - 4sysops
Document12 pages
Azure Sentinel-A Real-World Example - 4sysops
kodi
No ratings yet
g8 Scanning Tools
Document3 pages
g8 Scanning Tools
Ivan Jade Lugo
No ratings yet
Cloudintro Lec01
Document38 pages
Cloudintro Lec01
Omar Haddad
No ratings yet
Crime Automation & Reporting System: Implementation Procedures
Document64 pages
Crime Automation & Reporting System: Implementation Procedures
BEDADMISSION 2017
No ratings yet
Cisco CCNP Security 300-210 Exam Questions
Document21 pages
Cisco CCNP Security 300-210 Exam Questions
DND AZ
No ratings yet
Red Teaming Toolkit Collection
Document50 pages
Red Teaming Toolkit Collection
najjaci
No ratings yet
Using Dynamips For CCIE Lab Preparation On A PC
Document20 pages
Using Dynamips For CCIE Lab Preparation On A PC
kktamang09
No ratings yet
Unisphere For VMAX Implementation and Management
Document75 pages
Unisphere For VMAX Implementation and Management
Abhishek
No ratings yet
Attack Graph: Daniel Simons IAE 611-L22 03/21/2010
Document9 pages
Attack Graph: Daniel Simons IAE 611-L22 03/21/2010
dsimons1189
No ratings yet
Welcome!: Equinox - 3D Data Visualisation Equinox - 3D Data Visualisation
Document3 pages
Welcome!: Equinox - 3D Data Visualisation Equinox - 3D Data Visualisation
Anonymous 1rLNlqU
No ratings yet
ETHICAL HACKING GUIDE-Part 3: Comprehensive Guide to Ethical Hacking world
From Everand
ETHICAL HACKING GUIDE-Part 3: Comprehensive Guide to Ethical Hacking world
POONAM DEVI
No ratings yet
VA 1914931FinalReport
Document36 pages
VA 1914931FinalReport
earning.income7
No ratings yet
Project Database Report
Document13 pages
Project Database Report
api-526463519
No ratings yet
Sios Whitepaper Understanding DR Options
Document8 pages
Sios Whitepaper Understanding DR Options
torreswilches
No ratings yet
Tdil
Document202 pages
Tdil
api-3726304
No ratings yet
Project Report On Implementation of Firewall On Linux Platform
Document33 pages
Project Report On Implementation of Firewall On Linux Platform
fajer007
50% (2)
11 PJBUMI Digital Data Specialist DR NARISHAH CV - Narishah - 2021
Document7 pages
11 PJBUMI Digital Data Specialist DR NARISHAH CV - Narishah - 2021
Apexs Group
No ratings yet
Apache HTTP Server
Document7 pages
Apache HTTP Server
YdaelVargasSalazar
No ratings yet
Fundamentals of Cyber Security
Document2 pages
Fundamentals of Cyber Security
Dr-Samson Chepuri
No ratings yet
Email Encryption Memo Download in PDF Format
Document6 pages
Email Encryption Memo Download in PDF Format
Ari Bencuya
No ratings yet
Module 1 E Commerce
Document33 pages
Module 1 E Commerce
Jeoven Izekiel Redelicia
No ratings yet
Data Communications With Voip
Document206 pages
Data Communications With Voip
api-3860591
No ratings yet
2.6.1.3 Packet Tracer - Configure Cisco Routers For Syslog, NTP, and SSH Operations
Document7 pages
2.6.1.3 Packet Tracer - Configure Cisco Routers For Syslog, NTP, and SSH Operations
احمد الجناحي
No ratings yet
Assignment 1
Document7 pages
Assignment 1
Love Dove
No ratings yet
OMS Online Mobile Shopping System Report
Document51 pages
OMS Online Mobile Shopping System Report
ali
No ratings yet
Geospatial Data Analytics On Aws 1St Edition Scott Bateman Full Chapter
Document67 pages
Geospatial Data Analytics On Aws 1St Edition Scott Bateman Full Chapter
maria.bowman208
100% (6)
Excel Pivot Tables April 2016
Document36 pages
Excel Pivot Tables April 2016
Bernard Toplak
No ratings yet
CLI Commands For Troubleshooting Palo Alto Firewalls
Document40 pages
CLI Commands For Troubleshooting Palo Alto Firewalls
gochornea
No ratings yet
English Presentation (Hacking)
Document4 pages
English Presentation (Hacking)
Rui
No ratings yet
Computer Hardware and Networking Multiple Choice Questions With Answers
Document3 pages
Computer Hardware and Networking Multiple Choice Questions With Answers
Tabata Qbz Tawin
50% (2)
Abhishek Jaiswal Resume
Document1 page
Abhishek Jaiswal Resume
Nikhil Arora
No ratings yet
Selenium MCQ
Document6 pages
Selenium MCQ
Nikam Mayur
No ratings yet
Infor LN Installation Guide: Release 10.7.1
Document46 pages
Infor LN Installation Guide: Release 10.7.1
goxhita
No ratings yet
Zavrsni Rad - Konacna Verzija
Document5 pages
Zavrsni Rad - Konacna Verzija
Naida Golać
No ratings yet
Ansible Network To Code Webinar Slides - Aug 2018
Document40 pages
Ansible Network To Code Webinar Slides - Aug 2018
Krishna Chaitanya
No ratings yet
Answer: D and E
Document24 pages
Answer: D and E
karthikalagirisamy
No ratings yet
Conceptual Modeling For ETL Processes: Panos Vassiliadis, Alkis Simitsis, Spiros Skiadopoulos
Document41 pages
Conceptual Modeling For ETL Processes: Panos Vassiliadis, Alkis Simitsis, Spiros Skiadopoulos
Dor Sela
No ratings yet
Collaboration Diagram
Document31 pages
Collaboration Diagram
foggyox407
No ratings yet
Software Testing For Dummies (ADITI Edition)
Document63 pages
Software Testing For Dummies (ADITI Edition)
Madhu Sudhan
100% (1)