The EclecticIQ Platform base content package is provided along with this guide and contains the base content to structure and visualize incoming threat intelligence from the platform in ArcSight ESM.
Log in to the ArcSight Console.
Above the Navigator, click the Packages tab.
Click Import, and select the latest provided EclecticIQ base content package to import it into ESM.
After the base content package is imported into ESM, execute a configured outgoing feed in EclecticIQ Platform and open the Active Channel EclecticIQ CEF output with Aliased Fields.
The Active Channel displays a live view of all incoming threat intelligence from EclecticIQ Platform.
The base content package provides a lightweight Rule that populates a single multi-mapped Active List with all new incoming threat intelligence.
All fields are Aliased to reflect the EclecticIQ and STIX taxonomy.
The base content package contains Alias and option setter Variables that can be used throughout the content.