Greg Martin's blog - InfoSecurity 2.0
Threat Research, Trending and analysis for normal humans
Thursday, October 22, 2009
Importing Known Malware IPs to ArcSight ESM
Wanted to share this proof-of-concept script I wrote to test out ArcSight's Common Event Format (CEF). Essentially it grabs the latest list of known malware/bot IPs from SRI's Malware Threat Center, an excellent resource for tracking malicious domains, and spits them out to ArcSight via CEF syslog.
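The script itself is not on the page, so here is an added example (not the author's code) in Python that does the same job on a constructed IP list: parse a plain-text feed, wrap each address in a CEF event with the header and extension escaping CEF requires, frame it as a syslog line, and optionally send it to the ESM syslog connector over UDP 514. The sample feed, the vendor/product strings, the signature ID and the severity are assumptions.

```python
import socket
import time

# Constructed sample feed, standing in for a fetched SRI Malware Threat Center list.
# The addresses are RFC 5737 documentation ranges, not real indicators.
SAMPLE_FEED = """# constructed sample: one IP per line, '#' starts a comment
192.0.2.10
198.51.100.77
203.0.113.5
"""

def parse_feed(text):
    """Return the addresses in a plain-text feed, skipping blank and comment lines."""
    ips = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ips.append(line.split()[0])   # first token only; trailing notes are ignored
    return ips

def cef_escape_header(value):
    # CEF header fields: backslash and pipe are the characters that must be escaped.
    return value.replace("\\", "\\\\").replace("|", "\\|")

def cef_escape_ext(value):
    # CEF extension values: backslash and '=' must be escaped; newlines become literal \n.
    return value.replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")

def make_cef(ip, vendor="SRI", product="MalwareThreatCenter", version="1.0",
             sig_id="100", name="Known malware/bot IP", severity=5):
    """Build one CEF:0 event whose 'src' extension carries the feed address."""
    header = "|".join(cef_escape_header(f) for f in (vendor, product, version, sig_id, name))
    ext = "src=%s cat=%s" % (cef_escape_ext(ip), cef_escape_ext("threat-intel/known-bad-ip"))
    return "CEF:0|%s|%d|%s" % (header, severity, ext)

def syslog_line(cef, hostname="feed-importer", facility=1, sev=6):
    """Frame a CEF event as an RFC 3164 syslog line (facility 1 = user, sev 6 = info -> PRI 14)."""
    pri = facility * 8 + sev
    return "<%d>%s %s %s" % (pri, time.strftime("%b %d %H:%M:%S"), hostname, cef)

def send_udp(lines, host, port=514):
    """Ship the framed lines to a syslog CEF connector over UDP (hypothetical target host)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for line in lines:
        sock.sendto(line.encode(), (host, port))
    sock.close()

if __name__ == "__main__":
    for ip in parse_feed(SAMPLE_FEED):   # print instead of sending, so it runs offline
        print(syslog_line(make_cef(ip)))
```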
Common Event Format