FAQs for SIEM Content Packs
Last Modified: 2022-11-30 09:11:11 Etc/GMT
Technical Articles ID: KB84036
Environment
SIEM Enterprise Security Manager (ESM) 11.x
SIEM Advanced Correlation Engine 11.x
SIEM Event Receiver (Receiver) 11.x
Summary
This article is a consolidated list of common questions and answers. It's intended for users who are new to the product, but can be of use to all users.
Recent updates to this article
What are Content Packs?
ESM allows you to simplify operations with "ready to go" security use-case oriented Content Packs.
Through the automated content bundles, you can select, download, and deploy critical SIEM configuration settings that are focused on monitoring use cases. The cases monitored include insider threat, data leakage, email content, firewall, malicious activity, malware, policy, reconnaissance, suspicious activity, web filtering, and authentication. The Content Packs are preconfigured to offer you fast access to advanced threat or compliance-management capabilities.
Content Packs can contain predefined ESM Views, Reports, Watchlists, Alarms, Correlation Rules, and Variables. You can browse through them and select only the content that you require.
How are Content Packs created and distributed?
Trellix experts collaborate with partners and customers to create the Content Packs. After development and testing, Content Packs are hosted on the SIEM Rules Server. No additional network or firewall configurations are needed to review and download Content Packs. In addition, Content Packs are also available for download from the Knowledge Base.
Which ESM versions are compatible with Content Packs?
Content Packs are currently compatible with all supported versions of ESM. Most Content Packs consist of one .zip file that can be used on all ESM versions. Some Content Packs consist of two .zip files (one for older and one for newer ESM versions). The Content Pack documentation states which .zip file is to be used for your ESM installation.
How often are new Content Packs created? Can I review which packages are available?
Content Packs are released as often as needed and in response to prioritized use cases.
For a full catalog of available Content Packs, see the Trellix Content Catalog. You can browse, update, install, or uninstall Content Packs anytime from inside the ESM User Interface by clicking System Properties. You can review details of the Content Packs before installation. The items that can be reviewed are targeted use cases, applicable device types, requirements, correlation rules, reports, watchlists, alarms, and variable names.
How do I find Content Packs in the Knowledge Base?
To help our customers implement Content Packs, Trellix adds individual articles to the Knowledge Base for each Content Pack that we provide. These articles contain the Content Pack in a .zip attachment, together with detailed use information in PDF form. New Content Pack articles are added regularly. View the current list of Content Pack articles or follow the steps below to perform a manual search for the Content Pack articles:
Who can receive Content Packs?
Content Packs are offered to all ESM customers and are included in their annual maintenance contract. There are no additional costs.