How to detect malicious activities
jessebowling at gmail.com
Fri Sep 26 09:31:46 EDT 2014
You might also consider the CIF project for aggregating public and private feeds (https://code.google.com/p/collective-intelligence-framework/). Once you have a source of IP data, you can use the rafilteraddr client to filter IP addresses out of the argus data for further action... Additionally you could use ralabel to add a label to flows which could later be filtered... It really depends on what you’d like to accomplish!
On Sep 26, 2014, at 9:07 AM, Mark Bartlett <mabartle at gmail.com> wrote:
> And emerging threats is good.
> On Sep 26, 2014 8:30 AM, "Monah Baki" <monahbaki at gmail.com> wrote:
> Hi all,
> We have Argus set up and running; unfortunately we have no feeds in our company to inform us what malicious IPs or domains to look out for. Can Argus in some way help us, or do we need some feed so we can tell Argus what to search for?
> Are there any sites that provide malicious domains/IPs we can use with Argus?
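The feed-matching step discussed in this thread, as an added example that is not part of the original messages and is not Argus code: a Python stand-in that loads a feed of IPs and CIDRs and labels flow records whose source or destination falls in it. The feed entries and flow records are constructed, and the CSV column names are an assumed export layout.

```python
import csv
import io
import ipaddress

# Constructed sample data: a feed (IP or CIDR per line) and flow records; CSV column names are assumed.
FEED = """\
# sample blocklist (constructed)
192.0.2.10
198.51.100.0/24   # whole netblock
2001:db8::/32
not-an-address
"""
FLOWS = """\
StartTime,SrcAddr,DstAddr,Dport,TotBytes
09:00:01,10.0.0.5,192.0.2.10,443,5120
09:00:02,10.0.0.6,203.0.113.7,80,900
09:00:03,198.51.100.77,10.0.0.5,22,300
09:00:04,fd00::8,2001:db8::1,53,120
"""

def load_feed(text):
    """Parse feed lines into networks, skipping comments and bad entries."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # empty, comment-only or malformed line: feeds are often dirty
    return nets

def match_flows(flow_csv, nets):
    """Return (row, label) for each flow whose src or dst is in the feed."""
    hits = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        for side in ("SrcAddr", "DstAddr"):
            try:
                addr = ipaddress.ip_address(row[side])
            except ValueError:
                continue  # non-IP endpoint (e.g. a MAC-only record)
            # Membership is False across IP versions, so v4/v6 can share one list.
            net = next((n for n in nets if addr in n), None)
            if net is not None:
                hits.append((row, f"{side}:{net}"))  # label: matched side and feed entry
                break
    return hits

if __name__ == "__main__":
    for row, label in match_flows(FLOWS, load_feed(FEED)):
        print(row["StartTime"], row["SrcAddr"], "->", row["DstAddr"], label)
```

The label records which side matched and which feed entry caused it, which is the information an analyst needs when deciding whether a hit is inbound scanning or an internal host reaching out.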