Thursday, January 13, 2011
ArcOSI 2.1 Released!
Just uploaded the newest version of ArcOSI Open Source Intelligence Utility for use with ArcSight ESM. I've added several new malware domain feeds and improved the code to handle connection errors, etc. I'm making time for this project now and will soon add support very soon for proxy and proxy-auth as this has been requested numerous times!
Thanks to everyone who has tested and just a reminder feel free to reach out directly if you have any issues, feedback or requests.
http://code.google.com/p/arcosi
-Greg
Subscribe to:
Post Comments (Atom)
4 comments:
Please use mirror for malwaredomains
http://mirror1.malwaredomains.com/files/BOOT
Can you make a for dummies tutorial?
I am trying to make it work but the only events I have reported in Arcsight are "Agent Aggregate Event"
Hi Greg,
This is Gen and I am greatly interested on your tool.
However, I am experiencing issues when trying to dump the information generated by the tool locally and was not able to get it to work.
I edited the syslog.conf as follows:
*.* /var/log/messages
*.notice /var/log/messages
*.=notice /var/log/messages
*.daemon /var/log/messages
*.=daemon /var/log/messages
After running the tool, no output is written on /var/log/messages.
Your inputs will be much appreciated. Thank you in advance and more power!
Post a Comment