IP Correlation
CS Lee
geek00l at gmail.com
Tue Aug 3 08:47:10 EDT 2010
hi guys,
Additionally, I have IP data in Argus correlating with other data sources
such as "emering-threats" stuffs, spambot and so forth, all you need to do
is actually convert those data in csv format(2 columns)(I have scripts to
convert them too) and dump them into lookup directory, there is one simple
example config that I put in the props.conf if iirc too.
So with that setup basically you can correlate IP that you obtain from argus
data to any external data sources and this helps you to determine any bad ip
immediately appeared in the list and it is done automatically. However if
you want to run ip address matching quickly on argus data file itself, use
rafilteraddr as it is freaking fast.
Cheers
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100803/e5883b51/attachment.html>
More information about the argus
mailing list