Monday, February 22, 2016

Critical Stack

In December I found Critical Stack, which adds Threat Intelligence feeds to the BRO network monitoring tool. I find that BRO is a good complement to running SNORT due to its ability to report on the URLs in the network traffic, what software is being used (although SNORT is trying to add this feature), additional information about encrypted sessions, and netflow data.

Critical Stack is easy to set up and has a web interface to pick and choose which Threat Intelligence feeds you want to use. It then automates the process of receiving updates from the feeds, which are used to flag traffic as it goes by.

Here is the link:
https://criticalstack.com/

Follow on Twitter: ITSECSAM
