Just in time for the ArcSight annual users conference, I will be presenting on integrating Open Source Intelligence in ESM and have updated the original malwarefeed.py script with a version that can pull from multiple configurable sources!
If you want to give it a spin in your own environment now, download the Python script version below and start streaming thousands of known malicious IPs right into ESM via CEF syslog.
http://code.google.com/p/arcosi/
usage: ./arcosi.py 127.0.0.1
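The pipeline described above (feed entries in, CEF syslog events out) is shown here as an added Python 3 example; it is not the arcosi.py source or any code from that project. The vendor and product strings, the signature ID, the function names and the sample feed are assumptions made for the illustration.

```python
import ipaddress
import socket

SAMPLE_FEED = """\
# constructed blocklist sample (documentation address ranges only)
192.0.2.10
198.51.100.7   # trailing comment
not-an-ip
203.0.113.5|x=1
192.0.2.10
"""

def parse_feed(text):
    """Return unique, validated IPs in feed order; skip comments and junk."""
    seen, out = set(), []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        try:
            ip = str(ipaddress.ip_address(parts[0] if parts else ""))
        except ValueError:
            continue  # never forward unvalidated feed text into the SIEM
        if ip not in seen:
            seen.add(ip)
            out.append(ip)
    return out

def esc_header(value):
    # CEF header fields: backslash and pipe must be escaped
    return value.replace("\\", "\\\\").replace("|", "\\|")

def esc_ext(value):
    # CEF extension values: escape backslash and equals, flatten newlines
    return (value.replace("\\", "\\\\").replace("=", "\\=")
                 .replace("\r", " ").replace("\n", " "))

def to_cef(ip, source, severity=5):
    header = "|".join(esc_header(f) for f in (  # hypothetical device fields
        "ExampleOSINT", "feed-forwarder", "1.0", "osint:ip", "Known malicious IP"))
    ext = "src=%s cs1Label=FeedSource cs1=%s" % (ip, esc_ext(source))
    return "CEF:0|%s|%d|%s" % (header, severity, ext)

def send_syslog(messages, host, port=514):
    # One UDP datagram per event; PRI 134 = facility local0, severity info
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for msg in messages:
            sock.sendto(("<134>" + msg).encode("utf-8"), (host, port))

if __name__ == "__main__":
    print("\n".join(to_cef(ip, "constructed-feed") for ip in parse_feed(SAMPLE_FEED)))
```

Validating every entry with `ipaddress` before building the event keeps a poisoned or malformed feed line from injecting extra CEF fields into the SIEM.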
1 comment:
Thank you for this tool.
One question: is it possible to modify the arcosi.py to work from behind a proxy server?
I'm new to Python and looked in the documentation, but lost myself in urllib2 details... Very unclear on this subject.
Best regards
Laszlo