Micro Focus ArcSight ESM
Threat Intelligence in, Sightings Out
- Identify high-risk sightings from Micro Focus ArcSight ESM by integrating with EclecticIQ Intelligence Center
- Prioritize your triage and respond faster to cyber attacks
EclecticIQ Intelligence Center includes built-in integration with Micro Focus ArcSight Enterprise Security Manager (ESM), the enterprise Security Information and Event Management (SIEM) solution that dramatically reduces the time to detect and respond to threats.
EclecticIQ Intelligence Center acquires cyber threat data in different formats from multiple sources; de-duplicates, normalizes, and enriches source data with additional contextual details; and feeds relevant information to Micro Focus ArcSight ESM.
Micro Focus ArcSight ESM, using a rule-based approach, analyzes and filters cyber threat data delivered to via EclecticIQ Intelligence Center to identify the most relevant threats to your organization. Important sightings and alerts are then fed back into EclecticIQ Intelligence Center for automatic dissemination and analyst review.
The result of this process is a rich threat intelligence dataset, prioritized according to the actual threats seen by your SIEM prevention and detection system.
The EclecticIQ Intelligence Center integration with ArcSight ships with a base content package to structure and visualize incoming threat intelligence, making it easier for ArcSight users to monitor threats, as well as to analyze and perform triage on any Indicators of Compromise (IOCs) the data analysis may yield. The EclecticIQ Intelligence Center integration with ArcSight is validated and certified by Micro Focus.
The basic integration with EclecticIQ Intelligence Center consists of an ArcSight Smart Connector and the provided EclecticIQ Intelligence Center base content package for ArcSight ESM. The recommended connector to be used is a syslog daemon connector to receive threat intelligence in CEF format and send it into ArcSight ESM. This connector can be installed on EclecticIQ Intelligence Center or on a separate connector server.
For a bi-directional integration, a second ArcSight CounterACT Smart Connector is needed to talk back to EclecticIQ Intelligence Center e.g. create an entity, search, report a sighting or freely to execute commands via its REST interface.
The EclecticIQ Intelligence Center integration with ArcSight is delivered together with EclecticIQ Intelligence Center. Please also look at the integration listed on Micro Focus ArcSight MarketPlace.
This integration has been developed together with our partner Perceptive Security.