Open AlyaGomaa opened 6 months ago
Thanks! Yes, the comment with the description was not moved from our internal system. Here is the data:
Slips. Version 1.0.12 (d697955f) https://stratosphereips.org/
macos m1 for p2p
- Detected DNS answer with a blacklisted IP: 46.101.206.53 for query: urlhaus-api.abuse.chAS: DIGITALOCEAN-ASN, US AS14061SNI: urlhaus-api.abuse.ch Description: IP is not expected be delivering unauthenticated SMTP email to any Internet mail server, such as dynamic and residential IP space. Source: PBL Spamhaus Maintained, spamhaus. threat level: medium.
This alert should not have happened, since that domain is whitelisted and the DNS query had it
whitelist.conf
domain,urlhaus-api.abuse.ch,both,alerts
Same with
It doesn't matter which pcap; we can test with any pcap.
Created by Sebastian Garcia via monday.com integration. 🎉
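A regression-style check for the behaviour the report expects, run against the alert text and whitelist line quoted above. This is an added example and not Slips code: the function names are hypothetical, and it assumes the four whitelist.conf columns mean type, value, direction and what to ignore, and that a whitelisted domain also covers its subdomains.

```python
import re

# Alert text and whitelist entry copied from the report (line wrap repaired).
ALERT = (
    "Detected DNS answer with a blacklisted IP: 46.101.206.53 for query: "
    "urlhaus-api.abuse.chAS: DIGITALOCEAN-ASN, US AS14061SNI: urlhaus-api.abuse.ch "
    "Description: IP is not expected be delivering unauthenticated SMTP email "
    "to any Internet mail server, such as dynamic and residential IP space. "
    "Source: PBL Spamhaus Maintained, spamhaus. threat level: medium."
)
WHITELIST = "domain,urlhaus-api.abuse.ch,both,alerts"

def parse_whitelist(text):
    """Return whitelist entries as dicts; skip blanks, comments and header rows."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";", '"')):
            continue
        parts = [p.strip().lower() for p in line.split(",")]
        if len(parts) == 4:  # assumed columns: type, value, direction, ignore
            entries.append(dict(zip(("type", "value", "direction", "ignore"), parts)))
    return entries

def domains_in_alert(description):
    """Extract the DNS query and SNI domains from an alert description.
    The lookahead copes with the 'AS:' field running into the domain."""
    pattern = r"(?:query|SNI):\s*([A-Za-z0-9.-]+?)(?=AS:|\s|$)"
    return {m.group(1).lower().rstrip(".") for m in re.finditer(pattern, description)}

def should_suppress(description, entries):
    """True if any domain named in the alert is whitelisted for alerts.
    Direction is not evaluated in this sketch (the reported entry is 'both')."""
    for dom in domains_in_alert(description):
        for e in entries:
            if e["type"] != "domain" or e["ignore"] not in ("alerts", "both"):
                continue
            # Exact match, or a subdomain on a label boundary.
            if dom == e["value"] or dom.endswith("." + e["value"]):
                return True
    return False

if __name__ == "__main__":
    print("suppress alert:", should_suppress(ALERT, parse_whitelist(WHITELIST)))
```
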