Thursday, January 13, 2011

ArcOSI 2.1 Released!

Just uploaded the newest version of ArcOSI, the Open Source Intelligence utility for use with ArcSight ESM. I've added several new malware domain feeds and improved the code to handle connection errors and similar failures. I'm making time for this project now and will very soon add support for proxy and proxy authentication, as this has been requested numerous times!

Thanks to everyone who has tested it, and just a reminder: feel free to reach out directly if you have any issues, feedback or requests.

http://code.google.com/p/arcosi

-Greg

4 comments:

Anonymous said...

Please use mirror for malwaredomains

http://mirror1.malwaredomains.com/files/BOOT

Lucian Gabriel said...

This comment has been removed by the author.

Anonymous said...

Can you make a for dummies tutorial?

I am trying to make it work, but the only events I have reported in ArcSight are "Agent Aggregate Event".

Gen said...

Hi Greg,

This is Gen and I am greatly interested in your tool.

However, I am experiencing issues when trying to dump the information generated by the tool locally and was not able to get it to work.

I edited the syslog.conf as follows:

*.* /var/log/messages
*.notice /var/log/messages
*.=notice /var/log/messages
*.daemon /var/log/messages
*.=daemon /var/log/messages

After running the tool, no output is written to /var/log/messages.

Your inputs will be much appreciated. Thank you in advance and more power!
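Whether a syslog.conf selector such as `daemon.notice` or `*.notice` routes a message to a file depends on the PRI value the sender stamps on each line, since selectors are facility.priority pairs and the daemon decodes facility as PRI // 8 and severity as PRI % 8. The script below is an added example, not code from the original post and not ArcOSI's own code: it assumes a feed entry is shipped as a CEF event inside an RFC 3164 syslog line over UDP (the page does not describe how ArcOSI emits its output), and the vendor, product, signature ID, hostname and feed values are constructed for illustration.

```python
import socket
from datetime import datetime

# Syslog facility and severity codes (RFC 3164 section 4.1.1).
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "syslog": 5,
            "local0": 16, "local4": 20}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
FACILITY_NAME = {v: k for k, v in FACILITY.items()}
SEVERITY_NAME = {v: k for k, v in SEVERITY.items()}


def syslog_pri(facility: str, severity: str) -> int:
    """PRI = facility * 8 + severity; daemon.notice gives 29."""
    return FACILITY[facility] * 8 + SEVERITY[severity]


def decode_pri(line: str) -> tuple:
    """Recover (facility, severity) names from a '<PRI>...' line, the way a
    syslog daemon does before matching selectors such as daemon.notice."""
    if not line.startswith("<") or ">" not in line:
        raise ValueError("missing <PRI> header")
    pri = int(line[1:line.index(">")])
    return FACILITY_NAME.get(pri // 8, str(pri // 8)), SEVERITY_NAME[pri % 8]


def cef_escape_header(value: str) -> str:
    # CEF header fields escape backslash and pipe.
    return value.replace("\\", "\\\\").replace("|", "\\|")


def cef_escape_ext(value: str) -> str:
    # CEF extension values escape backslash and equals; newlines become a literal \n.
    return value.replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")


def build_cef(vendor, product, version, event_id, name, severity, ext: dict) -> str:
    """CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|key=value ..."""
    header = "|".join(cef_escape_header(str(x))
                      for x in (vendor, product, version, event_id, name, severity))
    extension = " ".join(f"{k}={cef_escape_ext(str(v))}" for k, v in ext.items())
    return f"CEF:0|{header}|{extension}"


def build_syslog_line(facility, severity, hostname, tag, msg, when=None) -> str:
    """RFC 3164 line: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG (day is space-padded)."""
    when = when or datetime.now()
    stamp = f"{when.strftime('%b')} {when.day:2d} {when.strftime('%H:%M:%S')}"
    return f"<{syslog_pri(facility, severity)}>{stamp} {hostname} {tag}: {msg}"


def example_line() -> str:
    """Constructed feed entry with a fixed timestamp so the output is reproducible.
    Vendor/product/signature values are made up and are not ArcOSI's CEF schema."""
    cef = build_cef("Example", "OSINT-Feed", "2.1", "100", "Malware domain", 5,
                    {"dhost": "malicious.example", "cs1Label": "feed",
                     "cs1": "malwaredomains"})
    return build_syslog_line("daemon", "notice", "sensor01", "osint", cef,
                             when=datetime(2011, 1, 13, 9, 5, 7))


def send_udp(line: str, host: str = "127.0.0.1", port: int = 514) -> int:
    """Ship one line to a syslog listener over UDP; returns the bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(line.encode("utf-8"), (host, port))


if __name__ == "__main__":
    line = example_line()
    print(line)
    print("decoded priority:", decode_pri(line))  # ('daemon', 'notice')
    send_udp(line)
```

With PRI 29 the line is daemon.notice, so either a `daemon.notice` or a `*.notice` selector writes it to the configured file. Two things to check when nothing appears: the local daemon must actually accept network input (classic sysklogd only does so with `-r`, and rsyslog only with the `imudp` module loaded; by default they read only the local `/dev/log` socket), and the selector's left side must be a facility (or `*`) and its right side a priority.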