Comments (8)
Hi Gents,
Sounds good to have a generic lookup feature for log enrichment in particular for otx, virustotal and misp hashes. 👍
Find below some additional free sources I'd like to use to enrich my logs with:
http://rules.emergingthreats.net/blockrules
http://rules.emergingthreats.net/fwrules
http://hailataxii.com
https://www.iblocklist.com/lists
http://mirror1.malwaredomains.com
https://www.phishtank.com/
https://isc.sans.edu/suspicious_domains.html
Cheers
from graylog-plugin-threatintel.
Basically the same features as threat pinch, implemented into Graylog Threat Intel. Also I'd like to add malware domain lists as well.
from graylog-plugin-threatintel.
We'll start looking into this really soon!
from graylog-plugin-threatintel.
Emerging Threats pulls from here:
http://www.openbl.org/lists/base.txt
from graylog-plugin-threatintel.
I have Graylog parse and add an MD5 field for each file executed on windows systems, can we add MD5 file checking:
OTX already supports MD5/SHA256/imphash lookup:
example:
https://otx.alienvault.com/indicator/file/db349b97c37d22f5ea1d1841e3c89eb4
API Examples:
https://otx.alienvault.com/static/external_api.html#panel_api_v1_indicators_file__file_hash___section_
from graylog-plugin-threatintel.
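The two requests above (text feeds such as the Emerging Threats block lists for IP enrichment, and hash lookups for the MD5/SHA256 values Sysmon reports for each executed file) both come down to the same generic lookup-table shape: load an indicator list, normalize the value from the log, and add threat fields to the event. The following is an added, self-contained Python example written for this page; it is not code from the graylog-plugin-threatintel project and does not call OTX or VirusTotal. The feed contents, the Sysmon-like events and the `threat_*` field names are all constructed for the example (the addresses are RFC 5737/3849 documentation ranges and the hashes are the well-known empty-file digests, not real indicators). It also shows the edge cases a lookup function has to survive on real log data: blank or unparsable IPs, IPv6, malformed feed lines, and the IMPHASH entry in Sysmon's `Hashes` field, which is 32 hex characters and must not be mistaken for an MD5.

```python
import ipaddress
import re

# Constructed sample feeds, one indicator per line with '#' comments, in the
# style of the plain-text block lists discussed above. Not real indicators.
IP_FEED = """\
# blocklist: one IPv4/IPv6 address or CIDR per line
198.51.100.0/24
203.0.113.7
2001:db8::/32
not a network      # malformed line: skip it, do not abort the whole load
"""

HASH_FEED = """\
# hash list: md5/sha1/sha256 in any case
D41D8CD98F00B204E9800998ECF8427E   # md5 of the empty file
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  # sha256 of the empty file
"""

HEX_RE = re.compile(r"^[0-9a-f]+$")
HASH_KINDS = {32: "md5", 40: "sha1", 64: "sha256"}


def normalize_hash(value):
    """Return (kind, lowercase hex) for an md5/sha1/sha256 string, else None."""
    if not value:
        return None
    h = value.strip().lower()
    kind = HASH_KINDS.get(len(h))
    if kind is None or not HEX_RE.match(h):
        return None
    return kind, h


def load_hash_feed(text):
    """Set of normalized hashes from a text feed; comments and junk are ignored."""
    found = set()
    for line in text.splitlines():
        norm = normalize_hash(line.split("#", 1)[0].strip())
        if norm:
            found.add(norm[1])
    return found


def load_ip_feed(text):
    """List of ip_network objects from a text feed; malformed lines are skipped."""
    nets = []
    for line in text.splitlines():
        token = line.split("#", 1)[0].strip()
        if not token:
            continue
        try:
            nets.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            continue
    return nets


def ip_in_feed(value, nets):
    """True if value is a valid IPv4/IPv6 address inside any listed network.
    Blank or unparsable input returns False instead of raising, so a pipeline
    function built on it cannot blow up on a message with an empty IP field."""
    if not value or not value.strip():
        return False
    try:
        addr = ipaddress.ip_address(value.strip())
    except ValueError:
        return False
    return any(addr in n for n in nets if n.version == addr.version)


def parse_sysmon_hashes(field):
    """Sysmon's Hashes field looks like 'MD5=...,SHA256=...,IMPHASH=...'.
    Returns {kind: hex}; the key must agree with the digest length, so the
    32-hex-char IMPHASH value is not silently treated as an MD5."""
    out = {}
    for part in (field or "").split(","):
        key, _, raw = part.partition("=")
        norm = normalize_hash(raw)
        if norm and norm[0] == key.strip().lower():
            out[norm[0]] = norm[1]
    return out


def enrich(event, hashes, nets):
    """Return a copy of a Sysmon-like event with threat_* fields added."""
    out = dict(event)
    parsed = parse_sysmon_hashes(event.get("hashes"))
    out["threat_hash_match"] = sorted(k for k, h in parsed.items() if h in hashes)
    out["threat_ip_match"] = ip_in_feed(event.get("dst_ip"), nets)
    out["threat_indicated"] = bool(out["threat_hash_match"]) or out["threat_ip_match"]
    return out


# Constructed sample events, shaped like fields parsed from Sysmon event 1/3.
EVENTS = [
    {"image": r"C:\Users\alice\Downloads\setup.exe",
     "hashes": "MD5=D41D8CD98F00B204E9800998ECF8427E,"
               "SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,"
               "IMPHASH=00000000000000000000000000000000",
     "dst_ip": "203.0.113.7"},
    {"image": r"C:\Windows\System32\notepad.exe", "hashes": "SHA256=" + "ab" * 32, "dst_ip": ""},
    {"image": r"C:\Windows\System32\svchost.exe", "hashes": "", "dst_ip": "2001:db8:1::5"},
]


def enrich_all(events=EVENTS, ip_feed=IP_FEED, hash_feed=HASH_FEED):
    hashes, nets = load_hash_feed(hash_feed), load_ip_feed(ip_feed)
    return [enrich(e, hashes, nets) for e in events]


if __name__ == "__main__":
    for e in enrich_all():
        print(e["image"], e["threat_hash_match"], e["threat_ip_match"])
```

The feeds are loaded once and reused per event, which is how a lookup-table data adapter would cache them; in production the loader would fetch the list on a refresh interval and keep the previous copy if the download fails. The match fields are separate from the boolean so a stream rule can alert on `threat_indicated` while an analyst still sees which hash type or address hit.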
VirusTotal file hash lookups would be very useful for use in combination with messages received from sysmon.
from graylog-plugin-threatintel.
How is this going? Will it be added soon?
from graylog-plugin-threatintel.
The current options of TOR, abuse.ch (seems to be discontinued: https://ransomwaretracker.abuse.ch/) and Spamhaus are just not enough these days. AFAIK AlienVault's OTX isn't part of the Threat Intel Plugin any longer.
Additional integrations are badly needed.
from graylog-plugin-threatintel.
Related Issues (20)
- OTX lookup result doesn't use validation informations from the OTX response HOT 2
- Alienvault OTX lookups missing in webui HOT 1
- Where do I download the complied .jar file HOT 1
- Migrate lookup table content packs to content-packs-v2 HOT 1
- tor_lookup pipeline function returns always false HOT 15
- OTX threat intel plugin add STIX/TAXII Server HOT 1
- Plugin does not have a license
- reduce logs by `in_private_net` with ipv6
- Improve WHOIS adapter handling of multiple results
- ransomwaretracker.abuse.ch discontinued HOT 5
- Miniscule spelling error HOT 1
- tor_lookup does not work for IPv6 HOT 1
- Feature Request: Add OTX Stream URL to threat detected and additional information from OTX API
- Feature Request: Lookup table Exclusion list or Exclusion Data Adapter HOT 7
- Add proxy in the configuration page HOT 1
- OTX lookup is limited to IPv4/IPv6/domain lookups.
- Tor_lookup Always returns false HOT 3
- Data Adapter: Lookup txt files? HOT 2
- No details on firewall rules needed to work HOT 5
- Java errors generated if blank IP passed to threat_intel_lookup_ip() HOT 2