Thursday, October 22, 2009

Importing Known Malware IP's to Arcsight ESM

Wanted to share this proof of concept script I wrote to test out Arcsight's Common Event Format (CEF).

Essentially it grabs the latest list of known malware/bot IP's from SRI's Malware Threat Center and excellent resource for tracking malicious domains and spits them out to Arcsight via CEF Syslog.


No comments: