Hexadite Community
Support via OpenText Software Support, with a ticket filed against the associated product.
OpenText offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by OpenText of the OpenText community.
OpenText Community Content is provided by OpenText for the benefit of customers, support for it is not available via OpenText Software Support but through specific community content forums.
Community Contributed Content is provided by OpenText customers and supported by them.
EARLY ACCESS
Show less ...Show moreThe downloads referenced under the "Cybersecurity Early Access" category are made available to subscribers to mitigate time-critical issues but have not undergone formal quality and performance testing associated with official OpenText/Cybersecurity product releases. OpenText has a multi-stage Quality Assurance process. During Stage 1 we conduct a resource analysis, field mapping, ensure content level 1 functionality and analysis in our sandbox environment. Stage 2 is a complete validation including production validation. This package has cleared Stage 1 validation and therefore should be deployed with the appropriate pre-production validation. OpenText strongly recommends that any downloaded content is first checked and tested thoroughly in a non-production environment before committing to production. We welcome feedback and, should any content be shown to be faulty, detrimental or carry an incorrect claim of authorship, we shall endeavor to remove or correct such content as promptly as reasonably possible once notified and validated.
Automated Incident Investigation Together, HPE ArcSight ESM, and Hexadite AIRS provide near real-time investigation of security alerts to help close the gap between detection and response. Hexadite leverages the ArcSight Data Platform to collect, query, and investigate additional contextual information to help determine if an alert is a true positive or if it can be closed without the need for manual review. Through automation, false positives can be ruled out more quickly, and large scale events that combine multiple alerts can be managed more efficiently. Efficiencies result in the need for fewer security analysts, and experienced analysts can spend more time on validated alerts.
Remediation Hexadite AIRS analyzes security events and can perform targeted mitigation actions to take place such as closing a connection, killing a process, quarantining a file, changing a firewall rule, etc. In semi-automated mode, once Hexadite AIRS validates a threat and determines the best course of mitigation action, Hexadite AIRS sends a notification to HPE ArcSight ESM, bringing the event to the attention of an analyst who reviews the information and makes a call back to Hexadite AIRS to approve the remediation execution. Once a team is comfortable with the remediation recommendations, the solution can be deployed in fully automatic mode performing the full investigation and remediation automatically.
Reporting The proliferation of security tools deployed throughout an organization’s environment makes it important that there be one place for all security information. Once an event is analyzed and any necessary remediation is completed, Hexadite sends back its analysis and closes the loop with HPE ArcSight. Case and alert management in HPE ArcSight provide users with a complete history of alerts, analysis, and status until closure. With the insights from Hexadite, HPE ArcSight correlation rules can be fine-tuned to continuously reduce false positives resulting in ongoing improvements.
Suggested for you are based on app category, product compatibility, popularity, rating and newness. Some apps may not show based on entitlements. Learn more about entitlements.
Related content and resources
Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox