InQuest

InQuest

4769

InQuest Community

App Support Tiers

OpenText SUPPORTED

Support via OpenText Software Support, with a ticket filed against the associated product.

PARTNER

OpenText offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by OpenText of the OpenText community.

OpenText COMMUNITY

OpenText Community Content is provided by OpenText for the benefit of customers, support for it is not available via OpenText Software Support but through specific community content forums.

COMMUNITY

Community Contributed Content is provided by OpenText customers and supported by them.

EARLY ACCESS

Show less ...Show more

The downloads referenced under the "Cybersecurity Early Access" category are made available to subscribers to mitigate time-critical issues but have not undergone formal quality and performance testing associated with official OpenText/Cybersecurity product releases. OpenText has a multi-stage Quality Assurance process. During Stage 1 we conduct a resource analysis, field mapping, ensure content level 1 functionality and analysis in our sandbox environment. Stage 2 is a complete validation including production validation. This package has cleared Stage 1 validation and therefore should be deployed with the appropriate pre-production validation. OpenText strongly recommends that any downloaded content is first checked and tested thoroughly in a non-production environment before committing to production. We welcome feedback and, should any content be shown to be faulty, detrimental or carry an incorrect claim of authorship, we shall endeavor to remove or correct such content as promptly as reasonably possible once notified and validated.

InQuest | Community

The InQuest platform focuses on capturing, identifying, processing, inspecting, and storing network content to detect and/or prevent malicious logic and/or sensitive information in transit.

25 downloads

Product compatibility

ArcSight SmartConnector

Description

Joint Solution Overview

The InQuest platform focuses on capturing, identifying, processing, inspecting, and storing network content to detect and/or prevent malicious logic as well as sensitive information in-transit. Innovative and constantly evolving file post-processing techniques are applied to live monitored network traffic providing insights into even the most creative combinations of obfuscation. InQuest's Threat Discovery Engine (TDE) integration discovers threats embedded within network content based on the weekly updated InQuest proprietary signature pack. InQuest's TDE integration, in conjunction with Micro Focus ArcSight, provides users with the ability to monitor and correlate alerts within the ArcSight Console. InQuest’s MetaDefender Core integration provides the capability of scanning files with multiple Antivirus engines without having to disclose files outside of your network boundaries. When this integration is enabled, InQuest will automate the process of submitting files, logging, and alerting on AV engine hits while forwarding network and file alert information to ArcSight via Syslog. InQuest’s cloud-based MultiAV and VirusTotal integrations provide alerting capabilities for message digests submitted to either InQuest Labs or VirusTotal. These integrations do not disclose information from your network and serve as an efficient means of discovering exploits and malware in the wild. Hashes are submitted to the cloud and AntiVirus scan results are returned for that hash. This does not provide an equivalent level of coverage as InQuest’s MetaDefender Core integration but provides an excellent degree of coverage for common malware discovered in the wild. InQuest’s Header Analytics TDE integration provides alerting capabilities for indicators found within numerous protocol headers which could be attributed to various command-and-control or exploit activity.

Use Cases

This section describes important use cases supported by this integration.

● Malicious File Detection using Deep File Inspection (DFI) with InQuest Threat Discovery Engine (TDE)

● Malicious File Detection using AntiVirus-based integrations

Malicious File Detection using Deep File Inspection (DFI) with InQuest Threat Discovery Engine (TDE)

InQuest detected an e-mail with a malicious PDF attachment containing various levels of obfuscation. InQuest’s policy included signatures for malicious XORed file signatures and a Common Event Format (CEF) message was sent to the local MIcroFocus ArcSight deployment. The event was escalated by the Intrusion Detection Team to the Incident Response Team and the appropriate actions were taken to remediate the compromised system.

Malicious File Detection using AntiVirus-based Integrations

A user receives a targeted e-mail containing a URL to a malicious Flash file. The user clicks the link and is redirected to the site hosting the malicious Flash file and that file is executed. InQuest’s MultiAV integration sends an alert to ArcSight based on the malicious file’s message digest which has been previously identified as malicious and circulating the internet. The event was escalated by the Intrusion Detection Team to the Incident Response Team and appropriate actions were taken to remediate the compromised system.