ArcSight ESM SIEM by Micro Focus (Formerly HPE Software).
ArcSight ESM
- Details
- Content
- Dependencies
- Version History
ArcSight ESM SIEM by Micro Focus (Formerly HPE Software).
Integrations
| Name | Description |
|---|---|
| ArcSight ESM v2 |
Playbooks
| Name | Description |
|---|---|
| Arcsight - Get events related to the Case | Get the Case's Arcsight ResourceID from the FetchID field, or the "ID" label. If neither is there, ask user for the ID. |
| TIM - ArcSight Add Url Indicators | This playbook queries indicators based on a pre-defined |
| TIM - ArcSight Add IP Indicators | This playbook receives indicators from its parent playbook and provides the indicators as inputs for the sub-playbooks that push the indicators to SIEM. |
| TIM - ArcSight Add Domain Indicators | This playbook queries indicators based on a pre-defined query or results from a parent playbook, and adds the resulting indicators to an ArcSight Active List. The Active List ID should also be defined in the playbook inputs, as well as the field name in the Active list to add to. |
| TIM - ArcSight Add Bad Hash Indicators | This playbook queries indicators based on a pre-defined query or results from a parent playbook, and adds the resulting indicators to an ArcSight Active List. The Active List ID should be defined in the playbook inputs, as well as the field name in the Active list to which to add the indicators. |
Integrations
| Name | Description |
|---|---|
| ArcSight ESM v2 | ArcSight ESM SIEM by Micro Focus (Formerly HPE Software). |
Playbooks
| Name | Description |
|---|---|
| TIM - ArcSight Add Url Indicators | This playbook queries indicators based on a pre-defined |
| TIM - ArcSight Add Domain Indicators | This playbook queries indicators based on a pre-defined query or results from a parent playbook, and adds the resulting indicators to an ArcSight Active List. The Active List ID should also be defined in the playbook inputs, as well as the field name in the Active list to add to. |
| TIM - ArcSight Add IP Indicators | This playbook receives indicators from its parent playbook and provides the indicators as inputs for the sub-playbooks that push the indicators to SIEM. |
| TIM - ArcSight Add Bad Hash Indicators | This playbook queries indicators based on a pre-defined query or results from a parent playbook, and adds the resulting indicators to an ArcSight Active List. The Active List ID should be defined in the playbook inputs, as well as the field name in the Active list to which to add the indicators. |
| Arcsight - Get events related to the Case | Get the Case's Arcsight ResourceID from the FetchID field, or the "ID" label. If neither is there, ask user for the ID. |
Required Content Packs (2)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
| Common Scripts | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
All level dependencies (3)
| Pack Name | Pack By |
|---|---|
| Cortex REST API | By: Cortex XSOAR |
| Common Scripts | By: Cortex XSOAR |
| Base | By: Cortex XSOAR |
1.2.0 - R6834680 (November 8, 2023)
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | July 28, 2020 | |
| Last Release | July 7, 2024 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
