Comments (5)
Had a look at the API for urlhaus.abuse.ch and it seems like it might support something roughly like the ransomware URL data adapter, but I'm not sure there's a solution for the Domain and IP ransomware adapters. Discussing with the team about the best path forward for this issue.
from graylog-plugin-threatintel.
+1
Please!
from graylog-plugin-threatintel.
Does this mean that the Abuse.ch Ransomware tracker lookups in Graylog are no longer useful?
from graylog-plugin-threatintel.
If they have not changed anything in the meantime, then it has not been useful since Dec 8th, 2019.
from graylog-plugin-threatintel.
I have removed the abuse.ch plugin, rules, pipeline, and events/alerts from my setup, to save the wasted processing power and storage space.
The rest of the GL userbase should probably be prompted to do so (be it via the notification system or in a future update).
Also the blog entry on the GL website on the abuse.ch setup should probably get updated.
Finally, I think it would be better to treat the URLhaus integration separately, as it has a different use case.
from graylog-plugin-threatintel.