Anti-Malware-Alliance / command-control-harvest

Tool to Harvest Known C&C, and Other Malicious Indicators from Open Sources, to generate Security Feed.
MIT License

Threat Feed Aggregator for Command and Control Servers #2

Open rothoma2 opened 7 months ago

rothoma2 commented 7 months ago

The Problem.

There are several existing projects in GitHub that aggregate several sources to come up with a list of Command and Control Servers. These IP addresses are useful to be integrated into SIEM or alerting solutions as IOCs.

This service is usually commercialized on "Next Generation Firewalls", where newly established connections are matched against a private list of known malicious IP addresses.

Therefore it is important to separate the Threat Feed from the Network Flow information. Having such a Threat Feed, it can be integrated into other networks via NetFlow, logs or other means.

Requirements
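The separation described in the issue above, as an added example that is not part of the command-control-harvest project: one function normalises an aggregated indicator feed (plain IPs, CIDR ranges, comments, duplicates and junk lines) into a deduplicated set of networks, and a second one matches exported flow records against it, so the feed and the flow data stay independent. The feed format, the flow-record format and all addresses are constructed here (documentation ranges from RFC 5737 and RFC 3849), not real indicators.

```python
"""Added example (not the project's own code): aggregate a C2 indicator feed
and match it against flow records exported from a SIEM or NetFlow collector.

Every address, feed line and flow record below is constructed for
illustration using documentation address ranges; none are real indicators.
"""
import ipaddress

# Constructed feed: mix of plain IPs, CIDR ranges, comments, blank lines,
# duplicates and a malformed entry, as aggregated open-source feeds often look.
SAMPLE_FEED = """\
# source: constructed-feed-A
203.0.113.10
198.51.100.0/24

# source: constructed-feed-B (repeats an entry from A on purpose)
203.0.113.10
not-an-ip
2001:db8::1
"""

# Constructed flow records: "src_ip,dst_ip,dst_port", one per line.
SAMPLE_FLOWS = """\
10.0.0.5,203.0.113.10,443
10.0.0.7,192.0.2.1,80
10.0.0.9,198.51.100.77,8080
10.0.0.9,[2001:db8::1],22
"""


def parse_feed(text: str) -> list:
    """Normalise a feed into a deduplicated, sorted list of IPv4/IPv6 networks.

    A bare address becomes a /32 or /128 network; comments, blank lines and
    lines that do not parse are skipped so one bad entry never poisons the feed.
    """
    nets = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        try:
            nets.add(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue
    # Sort by version first so v4 and v6 objects are never compared directly.
    return sorted(nets, key=lambda n: (n.version, int(n.network_address)))


def match_flows(feed_nets: list, flows: str) -> list:
    """Return (src, dst, port, matched_network) for every flow record whose
    destination address falls inside one of the feed networks."""
    hits = []
    for raw in flows.splitlines():
        if not raw.strip():
            continue
        src, dst, port = (field.strip() for field in raw.split(","))
        dst_ip = ipaddress.ip_address(dst.strip("[]"))  # tolerate [v6] notation
        for net in feed_nets:
            if dst_ip in net:  # False automatically when versions differ
                hits.append((src, str(dst_ip), int(port), str(net)))
                break
    return hits


if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED)
    print("feed networks:", [str(n) for n in feed])
    for src, dst, port, net in match_flows(feed, SAMPLE_FLOWS):
        print(f"ALERT {src} -> {dst}:{port} matched {net}")
```

The feed is parsed once into network objects and the flow records are streamed against it, so the same feed can be reused for NetFlow, firewall logs or any other flow source without re-parsing; a linear scan over the feed is fine for a few thousand indicators, and a prefix tree would be the next step for larger feeds.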

rothoma2 commented 5 months ago

648e671c1fc7402ccfb70f8f__FbYSOKESXM_WbYrb13GOkJojmYZ-hV1aNVTzcUvWMk.pdf