Skip to content
This repository has been archived by the owner on Feb 4, 2018. It is now read-only.
/ TCArbDownloader Public archive

This is a shell script that connects to HPE Security Threat Central server and downloading arb files for HPE ArcSight ESM.

threatcentral.io
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bachner/TCArbDownloader

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
README.md
README.md
 
 
arbdownloader
arbdownloader
 
 
threatcentral.conf
threatcentral.conf
 
 

Repository files navigation

Threat Central ARB Downloader - linux bash script

Background

This is a solution for those who have the Threat Central Model Import Connector (MIC) for ArcSight ESM installed in the internal network without access to the internet. The MIC though must have access to Arcsight ESM manager.

Setup

  1. Set an API key in the threatcentral.conf file.
  2. Specify the location of the threatcentral.conf file in the conf_file field in the arbdownloader file.
  3. Add the arbdownloader script to a cron-job to fetch the files every 5 minutes.

DMZ side

The script should be running from the DMZ with access to threatcentral.io domain on port 443.

Internal network

Take the arb files from the DMZ and put them in the MIC directory. E.g. C:\Program Files\ArcSightSmartConnectorsTC\current\user\agent\mic\tcmic\tc. The connector should automatically process the files and update the active-lists in ESM.

About

This is a shell script that connects to HPE Security Threat Central server and downloading arb files for HPE ArcSight ESM.

threatcentral.io

Resources

Readme
Activity

Stars

1 star

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published