On Fri, May 23, 2014 at 9:14 AM, dan (ddp) <[email protected]> wrote:
> On Thu, May 22, 2014 at 11:25 PM, PAL 18 <[email protected]> wrote:
>> Does OSSEC support blocklists? (Dshield, Spamhaus, etc.)
>>
>> In particular, does it support automatically pulling the latest lists from
>> their update URLs?
>>
>
> No, but the ossec manager only runs on unix-like systems, so the
> interfaces to do that are readily available. It's fairly trivial to
> write a script to download, parse, and update a list of IPs/domains
> for OSSEC's cdb support. I've done it a number of times (it's an easy
> script for languages I'm playing with).
>

Actually, on that note, would it be helpful if someone gathered a number
of these sources together in a cdb friendly format? I'm not sure the ToS
of all of the lists would allow it, but it could be something to look
at. We could throw it in an unrelated github project or something for
easy updates.

>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
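
An added example, not part of the original thread and not OSSEC project code: the "parse" step described above, turning a CIDR blocklist feed into the `key:value` text lines that OSSEC's cdb lists are built from. It assumes a "CIDR ; reference" feed layout and a rule that looks the list up with `address_match_key`, where a key ending in a dot matches by prefix; the download step is left out so the script runs offline on a constructed sample.

```python
import ipaddress

# Constructed sample in an assumed "CIDR ; reference" layout (documentation and
# test ranges only, not entries from any real blocklist).
SAMPLE_FEED = """\
; constructed sample feed
192.0.2.0/24 ; REF-0001
198.51.100.64/30 ; REF-0002
198.18.0.0/15 ; REF-0003
not-an-address ; REF-0004
0.0.0.0/0 ; REF-0005
"""

def cidr_to_keys(cidr):
    """Expand an IPv4 network into list keys for an address_match_key lookup
    (assumed): dot-terminated octet prefixes, or full addresses below a /24."""
    net = ipaddress.IPv4Network(cidr.strip(), strict=False)
    if net.prefixlen < 8:
        raise ValueError("network too broad for a blocklist key: " + cidr)
    octets = -(-net.prefixlen // 8)          # round up to the next octet boundary
    if octets == 4:
        return [str(ip) for ip in net]       # every address, first and last included
    base = int(net.network_address) >> (32 - 8 * octets)
    count = 1 << (8 * octets - net.prefixlen)
    return [".".join(str(b) for b in v.to_bytes(octets, "big")) + "."
            for v in range(base, base + count)]

def build_list(feed_text):
    """Return (sorted 'key:value' lines, rejected input lines)."""
    entries, rejected = {}, []
    for raw in feed_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # skip blanks and feed comments
            continue
        cidr, _, ref = line.partition(";")
        try:
            keys = cidr_to_keys(cidr)
        except ValueError:
            rejected.append(line)            # bad input never reaches the list
            continue
        tag = ref.strip().replace(":", "_") or "blocklist"   # ':' separates key and value
        for key in keys:
            entries.setdefault(key, tag)     # first feed entry wins on duplicates
    return [f"{k}:{v}" for k, v in sorted(entries.items())], rejected

if __name__ == "__main__":
    lines, bad = build_list(SAMPLE_FEED)
    print("\n".join(lines))
    print(f"# rejected {len(bad)} line(s)")
```

Write the returned lines to the list file and rebuild it with `ossec-makelists`; log the rejected lines so that a changed feed format is noticed instead of silently producing an empty list.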
