Get HP ArcSight Alerts on Compromised Credentials, Phishing Attacks and Suspicious Behavior

Last updated at Mon, 28 Oct 2019 16:52:59 GMT

If you're using HP ArcSight ESM as your SIEM, you can now add user-based incident detection and response to your bag of tricks. Rapid7 is releasing a new integration between Rapid7 UserInsight and HP ArcSight ESM, which enables you to detect, investigate and respond to security threats targeting a company's users more quickly and effectively.

HP ArcSight is often at the heart of the world's most sophisticated security operations, collecting and correlating a wide array of data. This data can now be easily fed into Rapid7 UserInsight to detect and investigate compromised credentials, phishing attacks and suspicious behavior, reducing the number of integration points and accelerating deployments.

When UserInsight detects incidents, it can now feed these alerts back to HP ArcSight ESM for further correlation and visibility, leveraging ArcSight as the single pane of glass for security activities in a company's Security Operations Center (SOC). Each alert contains information about the incident as well as a deep link into UserInsight for further investigation.

Compromised credentials are the most common attack vector according to the Verizon Data Breach Investigations Report 2014. With credentials, attackers can pose as genuine users and move laterally through the network, and this has traditionally been very difficult to detect. In addition, malicious insiders pose a similar challenge to detection. UserInsight addresses these challenges, giving users greater confidence in their network security in an easy-to-deploy technology that integrates with their existing Security Information and Event Management solution.

This integration builds on our existing technology partnership between Rapid7 Nexpose and HP ArcSight ESM. Vulnerability data from Nexpose scans feeds into ArcSight ESM so users can create alerts, raise alarms, or take other operational actions when attacks are happening on assets affected by vulnerabilities. This provides more insight into the current risk state of the organization's infrastructure. This integration has recently been reengineered to give customers even greater stability, speed and efficacy.

If you'd like to see the integration, simply contact us for a UserInsight online demo.

Learn more about Rapid7's products and services to help you detect attacks leveraging compromised credentials.