Open k41zen opened 5 years ago
You can do this at the MISP end.
Hey @k41zen
Recently I have updated Cuckoo's domain and IP whitelisting capabilities a bit.
In your $CWD, there is a whitelist directory. In here 2 files, domain.txt and ip.txt, can be created if they do not exist yet. These files can contain domains or IPs on a new line for each entry. Cuckoo will then use these lists to filter out communication with the specified entries while the network processing component runs. This completely removes them from all reports.
The IP whitelisting is currently only available in the latest development version (master branch).
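An added example, not part of the original thread and not Cuckoo's own code: a POSIX shell helper that adds entries to the two whitelist files described in the comment above, rejecting malformed entries and keeping one entry per line without duplicates. The function names are hypothetical; the whitelist/domain.txt and whitelist/ip.txt layout under $CWD is taken from that comment.

```shell
#!/bin/sh
# Added example: maintain $CWD/whitelist/{domain.txt,ip.txt}, one entry per line.
# Function names are hypothetical; the file layout comes from the thread.
# Per the thread, ip.txt is only honoured by the development (master) version.

is_ipv4() {
    # Four dot-separated decimal octets, each 0-255.
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    rest=$1. n=0
    while [ -n "$rest" ]; do
        o=${rest%%.*}; rest=${rest#*.}
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

is_domain() {
    # Hostname characters only, at least one dot, no empty labels.
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
        *.*) return 0 ;;
    esac
    return 1
}

# whitelist_add <cuckoo_cwd> <ip|domain> <entry>
whitelist_add() {
    cwd=$1 kind=$2 entry=$3
    case $kind in
        ip)     is_ipv4 "$entry"   || { echo "not an IPv4 address: $entry" >&2; return 2; } ;;
        domain) is_domain "$entry" || { echo "not a domain: $entry" >&2; return 2; } ;;
        *)      echo "kind must be 'ip' or 'domain'" >&2; return 2 ;;
    esac
    file=$cwd/whitelist/$kind.txt
    mkdir -p "$cwd/whitelist"
    touch "$file"
    # -x whole line, -F fixed string: "8.8.8.8" must not match "18.8.8.80".
    if ! grep -qxF -- "$entry" "$file"; then
        printf '%s\n' "$entry" >> "$file"
    fi
}
```

For the resolver mentioned in this thread, the call would be `whitelist_add "$CWD" ip 8.8.8.8`, with `$CWD` set to the Cuckoo working directory.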
Excellent thank you for this. I'll try this right now and let you know.
I've seen the modified misp.py files which add customisation and IOCs that you don't want to feed into MISP, but these error when modified with the latest version of Cuckoo.
So how do I filter out DNS requests to 8.8.8.8 (DNS IP VM host is set to) from MISP?