Building a toolbox around threat intelligence can be done with freely available tools. Shared information about malicious behaviour allows you to detect and sometimes prevent activity from – and to – Internet resources that could compromise your systems’ security. I’ve already described how to use lists of malicious domain names in a BIND RPZ (Response […]
Tags: BIND, Bro, comp, DNS, firewall, NetFlow, network, ossec, OTX, security, SiLK
Post: Threat intelligence: OTX, Bro, SiLK, BIND RPZ, OSSEC
Building upon a sysadvent article I wrote at work, I’ve set up a dedicated Response Policy Zone using the freely available data files from the Malware Domain Blocklist. There are different ways to do this, but for this particular purpose I’ve imported the text file and generated a single zone file locally. BIND supports up […]