
Comments (8)

fulldanad commented on June 6, 2024

Hi Gents,

Sounds good to have a generic lookup feature for log enrichment in particular for otx, virustotal and misp hashes. 👍

Find below some additional free sources I'd like to use to enrich my logs with:

http://rules.emergingthreats.net/blockrules
http://rules.emergingthreats.net/fwrules
http://hailataxii.com
https://www.iblocklist.com/lists
http://mirror1.malwaredomains.com
https://www.phishtank.com/
https://isc.sans.edu/suspicious_domains.html

Cheers

from graylog-plugin-threatintel.

ion-storm commented on June 6, 2024

Basically the same features as Threat Pinch implemented into Graylog Threat Intel. Also I'd like to add malware domain lists as well.


lennartkoopmann commented on June 6, 2024

We'll start looking into this really soon!


kurobeats commented on June 6, 2024

Emerging Threats pulls from here:

http://www.openbl.org/lists/base.txt


ion-storm commented on June 6, 2024

I have Graylog parse and add an MD5 field for each file executed on Windows systems. Can we add MD5 file checking?

OTX already supports MD5/SHA256/imphash lookup.
Example:
https://otx.alienvault.com/indicator/file/db349b97c37d22f5ea1d1841e3c89eb4

API Examples:
https://otx.alienvault.com/static/external_api.html#panel_api_v1_indicators_file__file_hash___section_


skear commented on June 6, 2024

VirusTotal file hash lookups would be very useful for use in combination with messages received from sysmon.

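To make the requests in this thread concrete (fulldanad's IP block-list feeds, ion-storm's MD5 lookup for executed files, skear's hash checks on Sysmon messages), here is an added example of offline enrichment logic; it is not the plugin's code. The feed contents, the message field names (`src_addr`, `dst_addr`, `md5`) and the output field names (`threat_indicated`, `threat_names`) are all assumptions, and the indicators are constructed values, not real IoCs.

```python
import ipaddress

# Constructed stand-in for an Emerging Threats style block list: one IP or
# CIDR per line, '#' comments, blank lines and an occasional bad entry.
ET_BLOCKLIST = """\
# constructed sample, not the real feed
203.0.113.0/24
198.51.100.7

not-an-address
"""

# Constructed hash indicators (think of an OTX pulse or a VirusTotal hit),
# keyed by lowercase MD5 so lookups are case-insensitive.
HASH_INDICATORS = {"0123456789abcdef0123456789abcdef": "constructed-pulse-1"}


def parse_blocklist(text):
    """Parse a block list into ip_network objects, skipping comments and bad lines."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue  # malformed entry: skip it rather than fail the whole feed
    return nets


BLOCKED = parse_blocklist(ET_BLOCKLIST)


def enrich(msg):
    """Return a copy of msg with threat fields added (field names are assumed)."""
    out = dict(msg)
    hits = []
    for field in ("src_addr", "dst_addr"):
        try:
            addr = ipaddress.ip_address(msg.get(field, ""))
        except ValueError:
            continue  # field absent or not a valid IP address
        if any(addr in net for net in BLOCKED):
            hits.append(f"{field}:blocklist")
    md5 = str(msg.get("md5", "")).lower()
    if md5 in HASH_INDICATORS:
        hits.append(f"md5:{HASH_INDICATORS[md5]}")
    out["threat_indicated"] = bool(hits)
    out["threat_names"] = hits
    return out
```

A real deployment would refresh the feeds on a schedule and cache lookups, since hitting OTX or VirusTotal per message is neither fast nor within their rate limits.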

dio99 commented on June 6, 2024

How is this going? Will it be added soon?


MP-blue commented on June 6, 2024

The current options of TOR, abuse.ch (seems to be discontinued: https://ransomwaretracker.abuse.ch/) and Spamhaus are just not enough these days. AFAIK AlienVault's OTX isn't part of the Threat Intel Plugin any longer.

Additional integrations are badly needed.
