Wanted to share this proof-of-concept script I wrote to test out Arcsight's Common Event Format (CEF).
Essentially it grabs the latest list of known malware/bot IPs from SRI's Malware Threat Center, an excellent resource for tracking malicious domains, and spits them out to Arcsight as CEF events over syslog.
Downloads:
malwarefeed.py
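To show what the CEF-over-syslog part of such a script involves, here is an added example (my own code, not the malwarefeed.py linked above). It parses a one-address-per-line feed, wraps each address in a properly escaped CEF record, and prefixes an RFC 3164 style syslog header. The feed text is constructed inline so it runs offline; the vendor/product/version strings, the event ID, the severity and the `send_udp` destination are all assumptions, not values from the original script or from ArcSight.

```python
import re
import socket
from datetime import datetime, timezone

# Constructed sample feed (not real threat data); it stands in for the
# list the original script downloads from the Malware Threat Center.
SAMPLE_FEED = """\
# constructed sample, one address per line
192.0.2.10
198.51.100.77
not-an-ip
203.0.113.5
"""

IPV4_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


def parse_feed(text):
    """Return valid IPv4 addresses from a one-per-line feed, skipping comments and junk."""
    ips = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = IPV4_RE.match(line)
        if m and all(0 <= int(octet) <= 255 for octet in m.groups()):
            ips.append(line)
    return ips


def cef_header_escape(value):
    # CEF header fields: backslash and pipe must be escaped (backslash first).
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def cef_ext_escape(value):
    # CEF extension values: backslash and '=' must be escaped; newlines as \r and \n.
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def cef_event(vendor, product, version, event_id, name, severity, extension):
    """Build one CEF:0 record from header fields and a dict of extension key/values."""
    header = "|".join(cef_header_escape(v)
                      for v in (vendor, product, version, event_id, name, severity))
    ext = " ".join(f"{k}={cef_ext_escape(v)}" for k, v in extension.items())
    return f"CEF:0|{header}|{ext}"


def malware_ip_event(ip, feed_name="SRI Malware Threat Center"):
    # Vendor, product, version, event ID and severity are assumed labels.
    return cef_event(
        vendor="Example",
        product="malwarefeed",
        version="0.1",
        event_id="100",
        name="Known malware/bot IP",
        severity=5,
        extension={"src": ip, "cs1Label": "feed", "cs1": feed_name},
    )


def syslog_line(message, hostname="feedhost", facility=1, level=4):
    """Prefix a message with a simplified RFC 3164 header: <PRI>Mmm dd hh:mm:ss host msg."""
    pri = facility * 8 + level  # facility 1 (user), level 4 (warning) -> <12>
    ts = datetime.now(timezone.utc).strftime("%b %d %H:%M:%S")
    return f"<{pri}>{ts} {hostname} {message}"


def send_udp(lines, host, port=514):
    """Ship each line as one UDP syslog datagram; host/port are assumed."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            sock.sendto(line.encode("utf-8"), (host, port))


if __name__ == "__main__":
    for addr in parse_feed(SAMPLE_FEED):
        print(syslog_line(malware_ip_event(addr)))
```

The escaping order matters: backslashes are doubled before the delimiter is escaped, otherwise an address or label containing `\|` or `\=` would be mangled and could shift the parser onto the wrong field. Replace the `print` with `send_udp(...)` to feed a real ArcSight syslog connector.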