Triage Alerts With CyCraft’s CyberTotal ArcSight Integration

For years, ArcSight has consistently appeared on multiple Top SIEM Software lists, including Gartner’s Magic Quadrant. Security professionals leveraging ArcSight are further empowered by its multiple partner integrations, which now includes CyberTotal — developed by CyCraft, a leading cybersecurity firm in Asia.

‍

CyberTotal Integrates with ArcSight

CyberTotal is a cloud-based threat intelligence service that is uniquely suited to aid SIEM SOC analysts by seamlessly integrating multiple diverse CTI sources, open-source intel, our proprietary threat intelligence international threat actors, their behavior profiles, and much more.

Employing the CyberTotal platform helps security teams quickly verify alerts and triage threats appropriately via automated correlation analysis and knowledge base optimization.

The intuitive CyberTotal Dashboard allows security teams to effortlessly access large amounts of artifacts, each enriched with contextual threat information and, at the same time, improves your team’s efficiency and accuracy by automatically prioritizing indicators of compromise (IoC).

Your team will be able to focus on the most critical and urgent alerts and have a head start via the contextual information provided by the platform.

‍

Faster Alert Validation, Triage, and Investigations

Security teams spend much of the day on validating alerts and triage. CyberTotal saves human capital and increases productivity by automating the necessary research required with validation and triage.

By aggregating multiple cyber threat intelligence sources from around the world, CyberTotal can automatically provide security teams with contextual threat intelligence on indicators such as reputation, severity, confidence, threat score, OSINT, whois, passive DNS, component analysis, vulnerability evaluation, and more.

Using CyberTotal, SOC analysts can rapidly validate alerts by looking at the severity and confidence of the associated indicators. In addition to removing the time-consuming task of removing false positives, analysts can also triage alerts by examining the confidence and severity scores of indicators associated with alerts.

You can further query the Cybertotal API to validate, enrich, or gain context on suspicious indicators or use the dashboard to drill down via our graph database of threat intel to find out if something is malicious or not, or associated with other malicious indicators during investigations.

‍

‍

Threat Hunting

CyberTotal not only aggregates multiple international cyber threat intelligence sources but also enriches your threat intelligence with a host of contextual information of network, file, vulnerability, and actor related data.

If your organization’s firewall or proxy logs are collected in ArcSight, CyberTotal can inspect each target IP, Domain, and URL and pinpoint the high-risk artifacts. Correlation reports, such as high-risk endpoints and indicators, can be highlighted in either the dashboard (see Figure 4) or daily/weekly statistical report (see Figure 3) to speed sec ops workflow.

‍

‍

You can even call CyberTotal’s API to get the latest blacklist data on malicious domains, URLs, IP addresses, and hashes, which you can use to hunt out threats in your organization, or plug into your EDR solution.

‍

Other CyberTotal Features.

• Helps large organizations organize and share disparately structured threat intel sources across multiple geographical locations and formats via the latest TAXII and STIX
• Supports both Snort and Yara formats
• Publishes blacklists for file hashes, domains, URLs, and IP addresses of severe malicious activity
• Provides reputation checks on your potential business partners and provides the confidence and severity of threat intel related to that entity

‍

Minimum Requirements

• ArcSight ESM 7.0.0.2436.1 or higher
• ArcSight SmartConnector 7.14 installed on CentOS version 7 Linux server
• Network access to CyberTotal (https://cybertotal.cycraft.com)

‍

Intuitive Dashboard Design and Support

The intuitive and straightforward design of the CyberTotal dashboard and the CyCraft customer support team help reduce the typically high-learning curve associated with software integration, so SOC analysts can spend more time doing what matters most — protecting their organization.

“CyCraft’s customer support provided excellent communication, incident reports, and response times, leaving us feeling confident and at ease with our security situation.”

-One security analyst for one of the top three telecommunication companies in Taiwan

‍

‍

Our CyberTotal Team

Our cyber intelligence team of security professionals tracks the most sophisticated forms of intrusion techniques and provides historical and up-to-date information on APT groups.

Our team is composed of DEFCON CTF finalists and former members of the Taiwan Ministry of Defense, the Taiwan Criminal Investigation Bureau, and the premiere Taiwan social hacker group, CHROOT.

‍

Industry Recognition

• Joined MITRE ATT&CK Evaluations round two against APT29 and round three against CARBANAK and FIN7
• Member of FIRST — the premier incident response organization
• Winner of multiple Gold Cybersecurity Excellence Awards, including MDR, Forensics, Incident Response, and Artificial Intelligence as well as a Best Cybersecurity Company Gold Award