On Fri, Jun 15, 2012 at 7:08 AM, C. L. Martinez <[email protected]> wrote:
> Hi all,
>
>  Does somebody know some confident reputation lists to use with OSSEC, like
> for example
> http://labs.alienvault.com/labs/index.php/projects/open-source-ip-reputation-portal/download-ip-reputation-database??
>
> Thanks.

OSSEC doesn't really support reputations. It's pretty black or white,
although I guess you could do something with rule levels.

I use a number of sites like http://www.malwaredomainlist.com/ to
create lists of suspected bad domains. I then monitor my DNS logs with
OSSEC and compare the queried domains to a cdb of suspected bad
domains. I can also check the responses for IPs that I find to be
suspicious.
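
The workflow described above, as an added example that is not part of the original message: a blocklist feed is normalized into the `key:value` lines that an OSSEC list file holds, and DNS query log lines are checked against those keys. The hosts-style feed layout, the BIND-style log format, the `mdl` tag and all sample data are assumptions constructed for illustration.

```python
import re

# Hostname syntax: dot-separated labels; last label must not be all digits.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_DOMAIN_RE = re.compile(rf"^(?:{_LABEL}\.)+(?!\d+$){_LABEL}$")
_QUERY_RE = re.compile(r"query: (\S+) IN ")  # assumed BIND-style query log

# Constructed sample inputs (hosts-style feed, DNS query log lines).
FEED = """# constructed sample feed
127.0.0.1  localhost
127.0.0.1  Bad.Example.com
127.0.0.1  malware.example.net   # dropper
not_a_domain!
"""
LOGS = [
    "15-Jun-2012 07:10:01 client 10.0.0.5#53211: query: bad.example.com IN A +",
    "15-Jun-2012 07:10:02 client 10.0.0.7#40112: query: www.example.org IN A +",
    "15-Jun-2012 07:10:03 client 10.0.0.9#40113: query: MALWARE.example.net. IN A +",
]


def normalize(name):
    """Lowercase, drop the trailing root dot; None if not a valid domain."""
    name = name.strip().lower().rstrip(".")
    return name if _DOMAIN_RE.match(name) else None


def feed_to_list(feed_text, tag):
    """Turn a hosts-style feed into sorted, de-duplicated key:value lines."""
    domains = set()
    for line in feed_text.splitlines():
        entry = line.split("#", 1)[0].split()
        # Hosts format is "<ip> <domain>"; a bare domain per line also works.
        domain = normalize(entry[-1]) if entry else None
        if domain:
            domains.add(domain)
    return [f"{d}:{tag}" for d in sorted(domains)]


def flag_queries(log_lines, list_lines):
    """Return (domain, tag) for each logged query whose name is a list key."""
    table = dict(entry.split(":", 1) for entry in list_lines)
    hits = []
    for line in log_lines:
        m = _QUERY_RE.search(line)
        domain = normalize(m.group(1)) if m else None
        if domain in table:
            hits.append((domain, table[domain]))
    return hits
```

The lines from `feed_to_list` are the source that `ossec-makelists` compiles into the cdb; key lookups are exact, so the queried name needs the same normalization as the list keys.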
