[IntelMQ-dev] Default crontab values for local lookup-databases update

Sebastian Wagner wagner at cert.at
Wed Feb 17 19:05:49 CET 2021


Dear devs,

Thanks to Filip (CZ.NIC), IntelMQ now comes with an update mechanism for
local lookup databases like TOR exit nodes, IP address to ASN ("ASN
Lookup") and Maxmind GeoIP (IP address geolocation)[0]. Also, IntelMQ
ships with update scripts for cron which are included in the deb/rpm
packages as well.

Currently the update scripts are scheduled as follows[1]:

* TOR nodes: once per day. The database is very small.
* Maxmind GeoIP: Once per week. Changes are scarce.
* ASN Lookup: Every two hours. Big database, but the data is vital for
subsequent routing of incidents.

I'd like to hear your opinion on whether the default values are ok to ship with
2.3.0, especially for the last one.

best regards,
Sebastian

[0]: https://github.com/certtools/intelmq/pull/1524
[1]: https://github.com/certtools/intelmq/blob/24f2355d0c549021a713c938d1d69a52134167c2/debian/cron.d/intelmq-update-database

-- 
// Sebastian Wagner <wagner at cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - https://www.nic.at/
// Company register number 172568b, LG Salzburg

