Hi all,
Sorry if it is a stupid question, but how can I extract info from the several bots to re-use them in SIEM, IDS, etc.?
Thanks,
Hi,
I am not aware of any existing (public) code that does this.
Sebastian
Sorry for jumping in, but I assume C. L. Martinez means whether he can use the *data* which IntelMQ processes in SIEMs, IDSes, etc. Right?
If so.... yes! You can. However, IntelMQ focuses on fetching, collecting, filtering and enriching feeds and bringing them into an internal format. It also has several output "bots" which allow you to send the data nearly everywhere. One way would be the syslog format. Or the film output. And this you can put into your SIEMs, IDSes etc.
It depends of course on which IDSes and SIEMs you use.... But, yes, ... it is possible and even quite easy.
Best, a.
-- // Sebastian Wagner wagner@cert.at - T: +43 1 5056416 7201 // CERT Austria - https://www.cert.at/ // Eine Initiative der nic.at GmbH - https://www.nic.at/ // Firmenbuchnummer 172568b, LG Salzburg
-- Listen-Einstellungen: https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users
-- // L. Aaron Kaplan kaplan@cert.at - T: +43 1 5056416 78 // CERT Austria - https://www.cert.at/ // Eine Initiative der nic.at GmbH - http://www.nic.at/ // Firmenbuchnummer 172568b, LG Salzburg
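To make the point about the output bots concrete, here is an added example (not IntelMQ's own code and not posted by anyone in this thread). It reads events in the shape assumed here for IntelMQ's file output, one JSON object per line using IntelMQ's harmonised field names, and turns them into syslog-style key="value" lines for a SIEM plus a deduplicated, validated IP list for an IDS. The sample events are constructed, and the field set `FIELDS` is this example's own choice.

```python
import ipaddress
import json

# Constructed sample in the shape assumed for IntelMQ's file output bot:
# one JSON object per line, harmonised field names, one deliberately bad line.
SAMPLE_EVENTS = """\
{"feed.name": "Example Feed", "classification.type": "c2-server", "source.ip": "192.0.2.10", "time.source": "2017-11-13T10:00:00+00:00", "malware.name": "example-bot"}
{"feed.name": "Example Feed", "classification.type": "scanner", "source.fqdn": "scan.example.net", "time.source": "2017-11-13T10:05:00+00:00"}
this line is not JSON
{"feed.name": "Example Feed", "classification.type": "c2-server", "source.ip": "192.0.2.10", "time.source": "2017-11-14T09:00:00+00:00"}
{"feed.name": "Example Feed", "classification.type": "c2-server", "source.ip": "not-an-ip", "time.source": "2017-11-14T09:10:00+00:00"}
"""

FIELDS = ("time.source", "feed.name", "classification.type",
          "source.ip", "source.fqdn", "malware.name")


def parse_events(lines):
    """Yield event dicts, skipping blank or malformed lines instead of aborting."""
    for line in lines:
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except ValueError:
            continue
        if isinstance(event, dict):
            yield event


def to_syslog_line(event):
    """Flatten one event into a key="value" line a SIEM parser can split."""
    parts = []
    for key in FIELDS:
        if key in event:
            value = str(event[key]).replace('"', '\\"')
            parts.append(f'{key}="{value}"')
    return "intelmq: " + " ".join(parts)


def ip_list(events, types=None):
    """Deduplicated, validated source IPs, optionally filtered by classification.type."""
    ips = set()
    for event in events:
        if types and event.get("classification.type") not in types:
            continue
        raw = event.get("source.ip")
        if not raw:
            continue
        try:
            ips.add(str(ipaddress.ip_address(raw)))
        except ValueError:
            continue  # drop values that are not valid addresses
    return sorted(ips)
```

Feeding `to_syslog_line` output to a local syslog socket, or writing `ip_list` to a file an IDS reloads, is all that remains and depends on the SIEM/IDS in use.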
Many thanks Aaron. But, where is the film output?
Sorry, I meant the file output. Damn you, autocorrection.