Thursday, August 12, 2010

ArcOSI - ArcSight Open Source Intelligence

Just in time for the ArcSight annual users conference I will be presenting on integrating Open Source Intelligence in ESM and have updated the original script with a version which can pull from multiple configurable sources!

If you want to give it a spin on your own environment now, download the python script version below and start streaming thousands of known malicious IP's right into ESM via CEF syslog.

usage: ./

1 comment:

Laszlo said...

Thank you for this tool.
One question: is it possible to modify the to work from behind a proxy server?
I'm new to Python and looked in the documentation, but lost myself in urllib2 details... Very unclear on this subject.
Best regards