mlsecproject / combine

Tool to gather Threat Intelligence indicators from publicly available sources
https://www.mlsecproject.org/
GNU General Public License v3.0

SiLK IPSet output support #122

Open moofusecurity opened 9 years ago

moofusecurity commented 9 years ago

Added support for outputting SiLK IPSet files - useful when analysing flows.

moofusecurity commented 9 years ago

Using this requires that PySiLK is installed; it comes with SiLK: http://tools.netsa.cert.org/silk/download.html

In RHEL/CentOS you can install via RPM: https://forensics.cert.org/

krmaxwell commented 9 years ago

Thanks for the PR! I'm looking at the code now, and @alexcpsec will probably have a few things for you as well. I'm not that familiar with SiLK, will take a look at that too.

alexcpsec commented 9 years ago

Thanks for the PR, @moofusecurity! I need to send you a CLA before we merge this. Could you please e-mail me at alexcp -at- mlsecproject.org so I can have an address to send it to?

alexcpsec commented 9 years ago

CLA is signed. We may proceed with analysis. :)