02-25-2015 07:21 PM - edited 03-12-2019 05:38 AM
Hi Everyone,
I read that the Security Intelligence Feed downloads IPs that have a bad reputation from the Sourcefire cloud.
But when I click on Security Intelligence feeds I see no IP addresses.
Can anyone please tell me where I can find the blacklist IPs?
Regards
Mahesh
02-26-2015 04:07 AM
The security intelligence data is considered proprietary and so the content of those lists is not made public.
02-26-2015 07:52 AM
Many thanks for answering the question.
05-07-2015 12:58 PM
You can view the list of Security Intelligence IP addresses from the CLI of the Defense Center. You'll want to issue the following commands after logging in:
1. sudo su
2. cd /var/sf/iprep_download
In this directory, there is a file called rep_dd.yaml. You can view this text file to find the UUID associated with each category, such as "attackers".
There should be a file in the /var/sf/iprep_download directory named for that UUID, for example 5a0b6d6b-e2c3-436f-b4a1-48248b330a26. You can view this file using the "less" command in order to see the IP addresses that are currently included for that particular category.
05-09-2015 07:16 AM
Many thanks Cochran for answering the question.
I will test this.
Regards
Mahesh
05-14-2015 08:01 AM
You can find out which Security Intelligence List/Feed an IP address is listed in (if any) with the following command on the CLI of the DC:
grep -A2 $(basename $(grep -l $1 /var/sf/iprep_download/*)) /etc/sf/iprep_sources.conf
CP
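A stricter form of the lookup in the post above, as an added example that is not part of the thread or of Cisco's tooling: it matches the address literally and as a whole line, and reports every list that contains it rather than assuming exactly one. The one-address-per-line file layout and the sample data built by the hypothetical `si_demo` helper are assumptions.

```shell
#!/bin/sh
# si_lookup IP [FEED_DIR] [SOURCES_CONF]
# Lists every feed file (named by UUID) that contains IP, followed by the
# lines for that UUID in the sources file. Returns 1 if no list has the IP.
# Assumption: each feed file holds one address per line.
si_lookup() {
    ip=$1
    dir=${2:-/var/sf/iprep_download}
    conf=${3:-/etc/sf/iprep_sources.conf}
    status=1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # -F literal, -x whole line: 192.0.2.1 must not hit 192.0.2.10,
        # and "." must not act as a regex wildcard.
        if grep -qxF -- "$ip" "$f"; then
            uuid=$(basename "$f")
            echo "listed in: $uuid"
            # Same two lines of context the one-liner in the thread asks for.
            grep -A2 -F -- "$uuid" "$conf" || echo "  (no entry in $conf)"
            status=0
        fi
    done
    return "$status"
}

# Runs si_lookup against constructed sample data (UUIDs, category names and
# the layout of the sources file are made up for the demonstration).
si_demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/feeds"
    a=11111111-1111-1111-1111-111111111111
    b=22222222-2222-2222-2222-222222222222
    printf '%s\n' 192.0.2.10 198.51.100.7 > "$tmp/feeds/$a"
    printf '%s\n' 192.0.2.100 198.51.100.7 > "$tmp/feeds/$b"
    printf '%s\n' "$a" ' name: Attackers' ' type: feed' \
                  "$b" ' name: Bots' ' type: feed' > "$tmp/sources.conf"
    rc=0
    si_lookup "$1" "$tmp/feeds" "$tmp/sources.conf" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

On the Defense Center, `si_lookup <address>` with no further arguments uses the two paths named in the thread and needs the same root shell.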