Can you share the script you've made? On Friday, May 23, 2014 9:16:00 AM UTC-4, dan (ddpbsd) wrote: > > On Fri, May 23, 2014 at 9:14 AM, dan (ddp) <[email protected] <javascript:>> > wrote: > > On Thu, May 22, 2014 at 11:25 PM, PAL 18 <[email protected]<javascript:>> > wrote: > >> Does OSSEC support blocklists? (Dshield, Spamhaus, etc.) > >> > >> In particular, does it support automatically pulling the latest lists > from > >> their update url's? > >> > > > > No, but the ossec manager only runs on unix-like systems, so the > > interfaces to do that are readily available. It's fairly trivial to > > write a script to download, parse, and update a list of IPs/domains > > for OSSEC's cdb support. I've done it a number of times (it's an easy > > script for languages I'm playing with). > > > > Actually, on that note, would it be helpful if someone gathered a > number of these sources together in a cdb friendly format? I'm not > sure the ToS of all of the lists would allow it, but it could be > something to look at. We could throw it in an unrelated github project > or something for easy updates. > > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups > >> "ossec-list" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to [email protected] <javascript:>. > >> For more options, visit https://groups.google.com/d/optout. >
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
