
Checking blacklist IP in Security Intelligence Feed

mahesh18
Level 6

Hi Everyone,

I read that the Security Intelligence Feed downloads IPs that have a bad reputation from the Sourcefire cloud.

But when I click on Security Intelligence feeds I see no IP addresses.

Can anyone please tell me where I can find the blacklist IPs?

Regards

Mahesh

2 Accepted Solutions

adhogan
Level 1

The security intelligence data is considered proprietary and so the content of those lists is not made public.


You can view the list of Security Intelligence IP addresses from the CLI of the Defense Center. You'll want to issue the following commands after logging in:

1. sudo su

2. cd /var/sf/iprep_download

In this directory, there is a file called rep_dd.yaml. You can view this text file to find the UUID associated with each category, such as "attackers".

There should be a file in the /var/sf/iprep_download directory named for that UUID, for example 5a0b6d6b-e2c3-436f-b4a1-48248b330a26. You can view this file using the "less" command in order to see the IP addresses that are currently included for that particular category.


5 Replies


Many thanks for answering the question.


Many thanks Cochran for answering the Question.

I will test this.

 

Regards

Mahesh

cunningpike
Level 1

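You can find out which Security Intelligence List/Feed an IP address is listed in (if any) with the following command on the CLI of the DC:

# $1 is the IP address to look up: substitute it, or save this line as a script and pass the IP as the first argument.
# -F treats the dots in the address as literal characters rather than regex wildcards.
grep -A2 "$(basename "$(grep -lF -- "$1" /var/sf/iprep_download/*)")" /etc/sf/iprep_sources.conf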

 

CP
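
A more defensive form of the lookup above, as an added example that is not part of the original posts: it matches the address exactly, reports every list that contains it, and returns non-zero when none does. The function name si_lookup, the one-entry-per-line feed layout, the sources.conf layout and all demo UUIDs, names and addresses are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find every Security Intelligence list/feed file containing an IP.
# Assumption: each feed file is plain text with one address per line.
# Usage: si_lookup IP [feed_dir] [sources_conf]
si_lookup() {
    si_ip=$1
    si_dir=${2:-/var/sf/iprep_download}
    si_conf=${3:-/etc/sf/iprep_sources.conf}

    [ -n "$si_ip" ] || { echo "usage: si_lookup IP [feed_dir] [sources_conf]" >&2; return 2; }

    si_rc=1   # 1 = not listed anywhere, 0 = listed in at least one file
    for si_file in "$si_dir"/*; do
        [ -f "$si_file" ] || continue
        # -F: dots are literal; -w: 192.0.2.1 must not match 192.0.2.10
        if grep -qwF -- "$si_ip" "$si_file"; then
            si_uuid=$(basename "$si_file")
            echo "== $si_ip is listed in $si_uuid"
            # Show the source entry for this UUID plus the two lines after it
            grep -A2 -F -- "$si_uuid" "$si_conf" || echo "(no entry for $si_uuid in $si_conf)"
            si_rc=0
        fi
    done
    return "$si_rc"
}

# Constructed demo data: UUIDs, category names and addresses are made up.
demo=$(mktemp -d)
mkdir "$demo/feeds"
printf '192.0.2.10\n198.51.100.7\n' > "$demo/feeds/11111111-aaaa-4bbb-8ccc-000000000001"
printf '192.0.2.100\n192.0.2.10\n' > "$demo/feeds/11111111-aaaa-4bbb-8ccc-000000000002"
printf '%s\n' \
    '[11111111-aaaa-4bbb-8ccc-000000000001]' 'name = Attackers' 'type = feed' \
    '[11111111-aaaa-4bbb-8ccc-000000000002]' 'name = Bogon' 'type = feed' \
    > "$demo/sources.conf"

si_lookup 192.0.2.10 "$demo/feeds" "$demo/sources.conf"
```

On the Defense Center the second and third arguments can be omitted so that the paths named in the thread are used.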
