Building a toolbox around threat intelligence can be done with freely available tools. Shared information about malicious behaviour allows you to detect and sometimes prevent activity from – and to – Internet resources that could compromise your systems’ security. I’ve already described how to use lists of malicious domain names in a BIND RPZ (Response […]
Tags: BIND, Bro, comp, DNS, firewall, NetFlow, network, ossec, OTX, security, SiLK
Did you ever wonder where your network traffic goes (and originates from)? With the SiLK suite and optionally some JavaScript map classes it’s quite easy to find out. SiLK is a tool quite similar to Cisco’s NetFlow, and SiLK does indeed accept NetFlow output from a router. Just like NetFlow tools, SiLK stores network traffic […]