aplura / Tango

Honeypot Intelligence with Splunk
GNU General Public License v2.0
255 stars 43 forks source link

Consider adding additional third party intel #20

Open mackwage opened 9 years ago

mackwage commented 9 years ago

E.g. add a section with Robtex info on the attacker profile page.

Also on the main dashboard, consider an integration with other bad IP lists and RBLs. So the dashboard would list all of the IPs which hit your honeypots where the source IP is already present on another bad IP list or RBL.

mackwage commented 9 years ago

Obviously this is an enhancement request; not an issue. :)

brianwarehime commented 9 years ago

Awesome ideas. I can definitely see something like Robtex helping out on the attacker profile page, and correlating the IP against other lists would definitely show value too. I'll work on these and update the status here as I go.

Thanks for the suggestions!