ESM and Recon - Alerting and Responding to Zero-Day Attacks Identified by Polyverse Zerotect

209891

OpenText OpenText Community

App Support Tiers

OpenText SUPPORTED

Support via OpenText Software Support, with a ticket filed against the associated product.

PARTNER

OpenText offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by OpenText of the OpenText community.

OpenText COMMUNITY

OpenText Community Content is provided by OpenText for the benefit of customers, support for it is not available via OpenText Software Support but through specific community content forums.

COMMUNITY

Community Contributed Content is provided by OpenText customers and supported by them.

EARLY ACCESS

Show less ...Show more

The downloads referenced under the "Cybersecurity Early Access" category are made available to subscribers to mitigate time-critical issues but have not undergone formal quality and performance testing associated with official OpenText/Cybersecurity product releases. OpenText has a multi-stage Quality Assurance process. During Stage 1 we conduct a resource analysis, field mapping, ensure content level 1 functionality and analysis in our sandbox environment. Stage 2 is a complete validation including production validation. This package has cleared Stage 1 validation and therefore should be deployed with the appropriate pre-production validation. OpenText strongly recommends that any downloaded content is first checked and tested thoroughly in a non-production environment before committing to production. We welcome feedback and, should any content be shown to be faulty, detrimental or carry an incorrect claim of authorship, we shall endeavor to remove or correct such content as promptly as reasonably possible once notified and validated.

OpenText | OpenText Community

Polyverse Zerotect is an open-source agent which detects attempted zero-day attacks, with no prior knowledge of the vulnerability or attack being used. This Package contains ArcSight Content based on events report from Polyverse Zerotect.

0 reviews

200 downloads

Product compatibility

ArcSight

CATEGORY

ArcSight | ArcSight ESM ArcSight Recon

Description
Requirements
Suggested apps
Releases
Reviews

Have questions about this item?

Contact us
Subscribe to receive update notifications for this item
Subscribe

Description

This package includes the following ArcSight ESM rules (use cases), which are based

on events reported from Polyverse Zerotect:

1. Possible Overflow Attack detects possible overflow attacks.

2. Possible Brute Force Canary detects possible bruteforcing a stack canary value.

3. Segmentation Violation Detected detects segmentation faults in different

applications and processes.

4. Bus Error Detected detects when a process is trying to access memory that the

CPU cannot physically address.

In addition, this package includes an actionable dashboard Polyverse Zerotect Events

Overview. The dashboard provides the analyst a real-time overview of different events

reported from Polyverse Zerotect to spot malicious activity like overflow attacks and

brute forcing stack canary values

Minimum Requirements

Please refer to the readme file attached.

Suggested apps

Zerotect

Polyverse Corporation

Zerotect is an open-source agent that, integrated with Micro Focus ArcSight, detects attempted zero-day attacks with no prior knowledge of the vulnerability or attack being used.

Novell Cloud Security Service

OpenText

This Novell Sentinel Collector provides data-capture capabilities for Novell Cloud Security Service and related products.

IBM zOS

OpenText

This Novell Sentinel Collector provides data-capture capabilities for IBM z/OS and related products.

Cisco Network Admission Control

OpenText

This Novell Sentinel Collector provides data-capture capabilities for Cisco Network Admission Control and related products.

IBM Proventia Network Enterprise Scanner

OpenText

This Novell Sentinel Collector provides data-capture capabilities for IBM Proventia Network Enterprise Scanner and related products.

NetIQ iManager

OpenText

This NetIQ Sentinel Collector provides data-capture capabilities for NetIQ iManager and related products.

Data Generator

OpenText

Generates test data at a specified rate. This connector does not require a data source.

Sqrrl Threat Hunting Solution for ArcSight

Sqrrl

Sqrrl delivers the power of analytics-driven threat hunting to HPE ArcSight. Sqrrl's Threat Hunting solution extends ArcSight's threat detection capabilities with adversarial behavior analytics, user and entity risk scoring and unique Behavior Graph.

NetIQ Sentinel Link

OpenText

Sentinel Link Collector provides the ability to receive data forwarded from Sentinel Log Manager or other Sentinel systems.

Releases

Release

Size

Date

Polyverse Zertotect 1.0.0.0

94.3 KB

|

Feb 4, 2021

More info Less info

Product compatibility

ArcSight

Version 7.0 · 7.2

Release notes

Please refer to the readme file which attached with this package

Languages

English

Files

(32.4 KB)

(75.4 KB)

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2024-10-1-6270 | Sun Oct 6 21:16:47 PDT 2024