CyCraft CyberTotal

CyCraft CyberTotal

215881

CyCraft Community

App Support Tiers

OpenText SUPPORTED

Support via OpenText Software Support, with a ticket filed against the associated product.

PARTNER

OpenText offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by OpenText of the OpenText community.

OpenText COMMUNITY

OpenText Community Content is provided by OpenText for the benefit of customers, support for it is not available via OpenText Software Support but through specific community content forums.

COMMUNITY

Community Contributed Content is provided by OpenText customers and supported by them.

EARLY ACCESS

Show less ...Show more

The downloads referenced under the "Cybersecurity Early Access" category are made available to subscribers to mitigate time-critical issues but have not undergone formal quality and performance testing associated with official OpenText/Cybersecurity product releases. OpenText has a multi-stage Quality Assurance process. During Stage 1 we conduct a resource analysis, field mapping, ensure content level 1 functionality and analysis in our sandbox environment. Stage 2 is a complete validation including production validation. This package has cleared Stage 1 validation and therefore should be deployed with the appropriate pre-production validation. OpenText strongly recommends that any downloaded content is first checked and tested thoroughly in a non-production environment before committing to production. We welcome feedback and, should any content be shown to be faulty, detrimental or carry an incorrect claim of authorship, we shall endeavor to remove or correct such content as promptly as reasonably possible once notified and validated.

CyCraft | Community

CyCraft secures the Fortune 500 via MDR, IR, & TI. Our threat intel service, CyberTotal, merges 20+ major sources, open source & proprietary intel. With this simple integration you can rapidly hunt threats & validate/enrich your artifacts/indicators.

53 downloads

Description

CyberTotal is a cloud-based threat intelligence service developed by CyCraft, which cohesively integrates multiple and varied CTI sources, open-source intel, and proprietary threat intel to provide best-in-class threat intelligence. CyCraft’s Cyber Intel team has long tracked the most sophisticated forms of intrusion and provides historical and up-to-date information on APT groups.

CyberTotal helps companies quickly identify and triage threats as well as verify security alerts through automated correlation analysis and knowledge base optimization. This integration enables large amounts of received artifacts to rapidly and concisely be enriched with contextual threat information to improve the efficiency and accuracy of your security operations. Indicators are prioritized for security experts to quickly focus on the most important and urgent alerts, thereby saving human capital and increasing productivity.

The two main use cases supported by the CyberTotal integration are:

Use Case 1: Alert Validation

On average, security teams review several thousand alerts each day. By employing the CyberTotal platform, intelligence can be more accurately analyzed and prioritized. The enrichment of the indicators produces contextual threat information such as reputation, severity, confidence, threat score, OSINT, whois, passive DNS, component analysis, vulnerability evaluation, and more. With the additional reputation and storyline data describing the indicator, security experts can quickly eliminate false alarms and decide if further investigation is needed. Users can also click the CyberTotal URL link to view the indicator’s full report.

Use Case 2: Threat Hunting

CyberTotal automatically aggregates multiple cyber threat intelligence sources from around the world. This enriched threat intelligence data includes severity levels, confidence levels, and threat scores with grading, correlation, and aggregation scores, thus enabling security personnel to more accurately classify and handle each alert. If enterprise firewall or proxy logs are collected in ArcSight, CyberTotal can help to inspect each target IP, Domain, and URL and pinpoint the high-risk artifacts. Correlation reports, such as high-risk endpoints and indicators, can be highlighted in either the dashboard or daily/weekly statistical reports to speed the sec ops workflow.

Minimum Requirements

ArcSight ESM 7.0.0.2436.1 or higher
ArcSight SmartConnector 7.14 installed on CentOS version 7 Linux server
Network access to CyberTotal (https://cybertotal.cycraft.com).

Suggested apps

New

Community

ThreatConnect App for ArcSight

ThreatConnect

More than 1,200 companies and agencies worldwide use ThreatConnect to unite their cybersecurity people, processes and technologies behind a cohesive intelligence-driven defense.

Default System Zone

OpenText

Update default system zones.

New

Community

Indegy Industrial Cyber SecurityPlatform

Indegy

Indegy secures against operational disruptions caused by Cyber Threats, Malicious Insiders and Human Error, and ensures operational safety, continuity and reliability, by providing visibility and control to industrial control networks.

FREE

New

OpenText

IBM zOS

OpenText

This Novell Sentinel Collector provides data-capture capabilities for IBM z/OS and related products.

FREE

New

OpenText

McAfee Vulnerability Manager

OpenText

This NetIQ Sentinel Collector provides data-capture capabilities for McAfee Vulnerability Manager and related products.

FREE

New

OpenText COMMUNITY

Voltage SmartCipher

OpenText

SmartCipher transparently encrypts and embeds with access and use controls that protect files wherever they go, enforced by centralized policy management for real-time monitoring, discovery, and classification.

New

Community

Airlock WAF

Ergon Informatik AG

Airlock Suite deals with the issues of filtering and authentication in one complete and coordinated solution – setting standards for usability and services. Airlock Suite is protecting more than 30.000 back-ends and 15 million identities around the globe.

New

Community

Sqrrl Threat Hunting Solution for ArcSight

Sqrrl

Sqrrl delivers the power of analytics-driven threat hunting to HPE ArcSight. Sqrrl's Threat Hunting solution extends ArcSight's threat detection capabilities with adversarial behavior analytics, user and entity risk scoring and unique Behavior Graph.

Cisco Aironet

OpenText

This Novell Sentinel Collector provides data-capture capabilities for Cisco Aironet and related products.

Releases

Release

Size

Date

CyberTotal 1.5

33.3 MB

Jan 20, 2020

More info Less info

Product compatibility

ArcSight

Version 7.0 · 7.2

Version 6.11

Release notes

Date: 2020-20-01
Features:
- Installation guide (pdf)
- CyberTotal ArcSight ESM ARB package
  - Rules: Query indicators on CyberTotal by executing commands on the SmartConnector.
  - Dashboard: Show real-time status of queries, sources and results.
  - Report: Daily report includes statistics of indicators' enriched results and can be mailed to given email account in settings.
- ASHelper
  - Installation files are the rpm package and the install script.
  - Provides ability to connect to CyberTotal and forward CyberTotal CEF logs to ArcSight ESM.

Languages

English

Files

(32.3 MB)

(2.2 KB)

(88.4 KB)

(3.4 MB)

Sign in

Marketplace

App Support Tiers

Product compatibility

CATEGORY

Description

Minimum Requirements

Suggested apps

ThreatConnect App for ArcSight

Default System Zone

Indegy Industrial Cyber SecurityPlatform

IBM zOS

McAfee Vulnerability Manager

Voltage SmartCipher

Airlock WAF

Sqrrl Threat Hunting Solution for ArcSight

Cisco Aironet

Releases

Unsubscribe from notifications

Marketplace Terms of Service

Your download has begun