I added a whitelist variable utlizing the urlsplit library which is already installed. This allows users an easy way to whitelist domains using the domain.txt file located in cwd/whitelist/. This signature caused misleading "hits "that require the analyst to spend large amounts of time sifting through legitimate URL's in order to find a malicious URL. This change allows users to add any whitelisted entries into the domain.txt file as an easy way to trim down the "noise".
Original Alert:
Added armmf.adobe.com to cwd/whitelist/domain.txt with nano:
I added a whitelist variable utlizing the urlsplit library which is already installed. This allows users an easy way to whitelist domains using the domain.txt file located in cwd/whitelist/. This signature caused misleading "hits "that require the analyst to spend large amounts of time sifting through legitimate URL's in order to find a malicious URL. This change allows users to add any whitelisted entries into the domain.txt file as an easy way to trim down the "noise".
Original Alert:
Added armmf.adobe.com to cwd/whitelist/domain.txt with nano:
New Alert:
Thank you.