Customer is a leading Threat Intelligence platform, delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe.
Client requested for the integration of their Threat Intelligence product with the HP ArcSight so that their clients can view and leverage the Threat Intelligence in their existing ArcSight platform
- Sacumen developed the Connector for customer’s Threat Intelligence product for integration with HP ArcSight ESM using CEF ( Common Events Format)
- Threat Intelligence Connector ( to provide REST interface) developed using JAVA to send the CEF Syslog data to HP Arcsight Syslog Connector
- Automatically correlate internal and external network events using prioritized real-time IP threat intelligence with contextual information to detect malicious IP threats for investigation
- IP Correlation component developed using HP ArcSight Console
- Built dashboards to display alerts and other relevant information. The nature of the reports and dashboards developed was in line with the model provided by HP ArcSight Console