All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

IP Reputation App - Project HoneyPot website is under maintanance

BenTan
Path Finder
‎01-15-2017 09:23 PM

Hi,

Currently we are trying to deploy the IP Reputation App to monitor IP threatscore going through our Bluecoat proxy servers. However, all the threatscore returning is 0 and I tried to check the projecthoneypot.org and its under maintanance for more than 5 days now.

If the projecthoneypot server is down, does it mean this app will stop working?

Any help will be appreciated!

Regards,
Benjamin

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mmaier_splunk
Splunk Employee
Splunk Employee
‎01-16-2017 04:16 AM

Hi Benjamin,

thanks for reaching out and asking. It seems they are in maintenance mode - however unusually for so long.

The Splunk App here is using dns queries to their dns blacklist via: dnsbl.httpbl.org

i tried a nslookup of a test ip which i documented in the scorelookup.py and it tells me that the destination server is not reachable.

so let's wait some more time and see if the projecthoneypot service comes back - otherwise we need to remove the ip reputation app.

There are many out of the box threat intelligence lists (including Stix/open IOC support) in Splunk's Enterprise Security product (licensed). You can also utilise Apps from Kaspersky Threat Intelligence, Symantec, PhishMe, DomainTools etc.

However there is nothing i can change currently.

Br

View solution in original post

0 Karma
Reply
Solved! Jump to solution

mmaier_splunk
Splunk Employee
Splunk Employee
‎11-27-2017 09:52 AM

Update:
Their website is back and everything working.

Reply
Solved! Jump to solution

mmaier_splunk
Splunk Employee
Splunk Employee
‎04-04-2017 11:08 PM

Hello,
Quick update to this:

Seems the website is still under maintenance. Was looking to put the IP Reputation app offline. However i tried the service and it gives me the right responses through the DNS blacklist interface if you do nslookups. So the IP lookups are working - just not sure what quality it is currently.

You can follow their upgrade and maintenance updates on the twitter feed of projecthoneypot:
https://twitter.com/projecthoneypot

best

0 Karma
Reply
Solved! Jump to solution
Solution

mmaier_splunk
Splunk Employee
Splunk Employee
‎01-16-2017 04:16 AM

Hi Benjamin,

thanks for reaching out and asking. It seems they are in maintenance mode - however unusually for so long.

The Splunk App here is using dns queries to their dns blacklist via: dnsbl.httpbl.org

i tried a nslookup of a test ip which i documented in the scorelookup.py and it tells me that the destination server is not reachable.

so let's wait some more time and see if the projecthoneypot service comes back - otherwise we need to remove the ip reputation app.

There are many out of the box threat intelligence lists (including Stix/open IOC support) in Splunk's Enterprise Security product (licensed). You can also utilise Apps from Kaspersky Threat Intelligence, Symantec, PhishMe, DomainTools etc.

However there is nothing i can change currently.

Br

0 Karma
Reply
Solved! Jump to solution

BenTan
Path Finder
‎01-19-2017 08:53 PM

Hi,

Thanks for your suggestion! I ended up using Optiv Threat Intelligence App, althought still in the middle of configuration and troubleshooting for the app but it's a good start!

Once again, thank you. 🙂

Regards,
Benjamin

0 Karma
Reply
Get Updates on the Splunk Community!

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Top