Where do I start with Integrations
While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
see more at bro.org
```
$ cif --itype ipv4 --format bro --limit 5
#fields	indicator	indicator_type	meta.desc	meta.cif_confidence	meta.source
92.50.31.66	Intel::ADDR	exploit	4	spamhaus.org
210.4.72.138	Intel::ADDR	exploit	4	spamhaus.org
61.150.89.67	Intel::ADDR	spam	4	spamhaus.org
68.180.32.194	Intel::ADDR	exploit	4	spamhaus.org
221.206.72.203	Intel::ADDR	spam	4	spamhaus.org
```
Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
see more at snort.org
```
$ cif --itype ipv4 --format snort --limit 5
alert TCP any any -> 74.28.188.130 any (reference: http://www.spamhaus.org/query/bl?ip=74.28.188.130; priority: 1; threshold: type limit,track by_src,count 1,seconds 3600; sid: 5000000000; msg: CIF - GREEN - exploit;)
alert IP any any -> 74.208.184.119 any (reference: http://www.spamhaus.org/query/bl?ip=74.208.184.119; priority: 1; threshold: type limit,track by_src,count 1,seconds 3600; sid: 5000000001; msg: CIF - GREEN - spam;)
alert TCP any any -> 173.237.190.72 any (reference: http://www.spamhaus.org/query/bl?ip=173.237.190.72; priority: 1; threshold: type limit,track by_src,count 1,seconds 3600; sid: 5000000002; msg: CIF - GREEN - spam;)
```
BIND is open source software that implements the Domain Name System (DNS) protocols for the Internet. It is a reference implementation of those protocols, but it is also production-grade software, suitable for use in high-volume and high-reliability applications. The name BIND stands for “Berkeley Internet Name Domain”, because the software originated in the early 1980s at the University of California at Berkeley.
BIND is by far the most widely used DNS software on the Internet, providing a robust and stable platform on top of which organizations can build distributed computing systems with the knowledge that those systems are fully compliant with published DNS standards.
see more at isc.org
```
$ cif --itype fqdn --confidence 4 --format bind --tags phishing,malware --limit 5
// generated by: CIF at 2016-35-23T10:02:55 EST
zone "mail.ghiend.com" {type master; file "/etc/namedb";};
zone "ghiend.com" {type master; file "/etc/namedb";};
zone "ns1.bwreg.com" {type master; file "/etc/namedb";};
```
[Note: these output formats are older and may not yet integrate 100% with v4.]
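The three outputs above are plain text renderings of the same indicator records, so they are easy to regenerate or validate outside of `cif`. The following is an added example, not code from the CIF project: it takes a constructed indicator list (hypothetical data, not a real feed), applies the same `--itype` / `--confidence` / `--tags` style filtering the commands above use, and emits the Bro Intel TSV, Snort rule and BIND zone forms. The sid base and the `/etc/namedb` path are taken from the page; everything else is an assumption of this example.

```python
# Constructed sample indicators in the shape CIF returns (hypothetical data, not a real feed).
INDICATORS = [
    {"indicator": "192.0.2.10", "itype": "ipv4", "tags": ["exploit"], "confidence": 4, "provider": "example.org"},
    {"indicator": "192.0.2.11", "itype": "ipv4", "tags": ["spam"], "confidence": 3, "provider": "example.org"},
    {"indicator": "bad.example.net", "itype": "fqdn", "tags": ["phishing"], "confidence": 4, "provider": "example.org"},
    {"indicator": "low.example.net", "itype": "fqdn", "tags": ["scanner"], "confidence": 2, "provider": "example.org"},
]

SNORT_SID_BASE = 5000000000  # first sid in the Snort output shown on this page


def select(indicators, itype, confidence=0, tags=None):
    """Mirror the cif CLI filters: --itype, --confidence (minimum) and --tags (any match)."""
    wanted = set(tags or [])
    return [i for i in indicators
            if i["itype"] == itype and i["confidence"] >= confidence
            and (not wanted or wanted & set(i["tags"]))]


def to_bro(indicators):
    """Bro Intel framework input: a #fields header, then TAB-separated rows (spaces are not accepted)."""
    itypes = {"ipv4": "Intel::ADDR", "fqdn": "Intel::DOMAIN"}
    rows = ["#fields\tindicator\tindicator_type\tmeta.desc\tmeta.cif_confidence\tmeta.source"]
    for i in indicators:
        rows.append("\t".join([i["indicator"], itypes[i["itype"]], ",".join(i["tags"]),
                               str(i["confidence"]), i["provider"]]))
    return "\n".join(rows) + "\n"


def to_snort(indicators, sid_base=SNORT_SID_BASE):
    """One alert per address; each rule gets a unique sid and a threshold that limits a noisy source to one alert per hour."""
    rules = []
    for n, i in enumerate(select(indicators, "ipv4")):
        desc = ",".join(i["tags"])
        rules.append(f'alert ip any any -> {i["indicator"]} any (msg:"CIF - {desc}"; priority:1; '
                     f"threshold:type limit,track by_src,count 1,seconds 3600; sid:{sid_base + n}; rev:1;)")
    return rules


def to_bind(indicators, confidence=4, tags=("phishing", "malware")):
    """Zone stanzas that make the resolver authoritative for each domain, so lookups are answered locally."""
    return ['zone "%s" {type master; file "/etc/namedb";};' % i["indicator"]
            for i in select(indicators, "fqdn", confidence, list(tags))]


if __name__ == "__main__":
    print(to_bro(INDICATORS), *to_snort(INDICATORS), *to_bind(INDICATORS), sep="\n")
```

Only the Bro and Snort outputs carry the confidence and source metadata; the BIND form drops it, so keep the original records if you need to trace why a domain was sinkholed.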