Add more Lookup providers and file hashes #25
Comments
Basically the same features as ThreatPinch implemented into Graylog Threat Intel. Also I'd like to add malware domain lists as well.
We'll start looking into this really soon!
Emerging Threats pulls from here
Hi Gents, sounds good to have a generic lookup feature for log enrichment, in particular for OTX, VirusTotal and MISP hashes. 👍 Find below some additional free sources I'd like to use to enrich my logs with: http://rules.emergingthreats.net/blockrules Cheers
I have Graylog parse and add an MD5 field for each file executed on Windows systems; can we add MD5 file checking? OTX already supports MD5/SHA256/imphash lookup. API Examples:
VirusTotal file hash lookups would be very useful for use in combination with messages received from Sysmon.
How is this going? Will it be added soon?
The current options of TOR, abuse.ch (seems to be discontinued: https://ransomwaretracker.abuse.ch/) and Spamhaus are just not enough these days. AFAIK AlienVault's OTX isn't part of the Threat Intel Plugin any longer. Additional integrations are badly needed.
Please add the following IOCs and lookups; I'd like to use Sysmon hash checks as well:
IPv4
MD5
SHA1
SHA256
CVE
FQDN (EFQDN is for Internet FQDN, IFQDN is for internal domains)
ThreatMiner for IPv4, FQDN, MD5, SHA1 and SHA2 lookups.
Alienvault OTX for IPv4, MD5, SHA1 and SHA2 lookups.
IBM X-Force Exchange for IPv4, EFQDN lookups.
VirusTotal for MD5, SHA1, SHA2 and FQDN lookups.
Cymon.io for IPv4 lookups.
CIRCL (Computer Incident Response Center Luxembourg) for CVE lookups.
PassiveTotal for FQDN Whois lookups
MISP for MD5 and SHA2 (if you want more, submit an issue in this GitHub)
Censys.io for IPv4 lookups
Shodan for IPv4 lookups
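As an added example (not code from this issue or from the Graylog plugin), a Python sketch of the routing the list above asks for: classify an indicator by type, send it only to the providers listed for that type, and pull routable hashes out of a Sysmon `Hashes` field. The internal domain suffixes are an assumption, and "SHA2" in the list is read as SHA256.

```python
import ipaddress
import re

# Assumption (not from the page): domain suffixes that count as internal (IFQDN).
INTERNAL_SUFFIXES = (".corp.example", ".lan")

# Provider -> IOC types it can look up, copied from the comment above.
# "FQDN" entries are taken as Internet FQDNs (EFQDN); "SHA2" as SHA256.
PROVIDERS = {
    "ThreatMiner": {"IPv4", "EFQDN", "MD5", "SHA1", "SHA256"},
    "AlienVault OTX": {"IPv4", "MD5", "SHA1", "SHA256"},
    "IBM X-Force Exchange": {"IPv4", "EFQDN"},
    "VirusTotal": {"MD5", "SHA1", "SHA256", "EFQDN"},
    "Cymon.io": {"IPv4"},
    "CIRCL": {"CVE"},
    "PassiveTotal": {"EFQDN"},
    "MISP": {"MD5", "SHA256"},
    "Censys.io": {"IPv4"},
    "Shodan": {"IPv4"},
}

_HASH_LENGTHS = {32: "MD5", 40: "SHA1", 64: "SHA256"}
_CVE = re.compile(r"^CVE-\d{4}-\d{4,}$", re.IGNORECASE)
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)

def classify(value):
    """Return the IOC type of value, or None if it is none of the listed types."""
    v = value.strip()
    try:
        ipaddress.IPv4Address(v)
        return "IPv4"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]+", v) and len(v) in _HASH_LENGTHS:
        return _HASH_LENGTHS[len(v)]
    if _CVE.match(v):
        return "CVE"
    labels = v.rstrip(".").split(".")
    if len(labels) >= 2 and all(_LABEL.match(l) for l in labels) and not labels[-1].isdigit():
        return "IFQDN" if v.lower().endswith(INTERNAL_SUFFIXES) else "EFQDN"
    return None

def providers_for(value):
    """Providers that accept this IOC; an IFQDN gets none, so internal names never leave the network."""
    t = classify(value)
    return sorted(p for p, types in PROVIDERS.items() if t in types)

def sysmon_hashes(field):
    """Split a Sysmon 'Hashes' field (ALG=hex,ALG=hex,...) into {type: hex}; IMPHASH is dropped as unroutable here."""
    out = {}
    for part in field.split(","):
        alg, _, digest = part.partition("=")
        if classify(digest) == alg.strip().upper():
            out[alg.strip().upper()] = digest.strip().lower()
    return out
```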