
IP Reputation App - Project HoneyPot website is under maintenance

BenTan
Path Finder

Hi,

Currently we are trying to deploy the IP Reputation App to monitor the threat score of IPs going through our Bluecoat proxy servers. However, every threat score returned is 0, and I tried to check projecthoneypot.org and it's been under maintenance for more than 5 days now.

If the projecthoneypot server is down, does it mean this app will stop working?

Any help will be appreciated!

Regards,
Benjamin

0 Karma

mmaier_splunk
Splunk Employee

Hi Benjamin,

Thanks for reaching out and asking. It seems they are in maintenance mode - however, unusually, for so long.

The Splunk App here is using DNS queries to their DNS blacklist via: dnsbl.httpbl.org

I tried an nslookup of a test IP, which I documented in scorelookup.py, and it tells me that the destination server is not reachable.

So let's wait some more time and see if the projecthoneypot service comes back - otherwise we need to remove the IP Reputation app.

There are many out-of-the-box threat intelligence lists (including STIX/OpenIOC support) in Splunk's Enterprise Security product (licensed). You can also utilise apps from Kaspersky Threat Intelligence, Symantec, PhishMe, DomainTools etc.

However, there is nothing I can change currently.

Br


0 Karma
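The answer above says the app queries dnsbl.httpbl.org over DNS, and the question reports every threat score coming back as 0 during the outage. The sketch below is an added example, not code from the IP Reputation app or its scorelookup.py; it builds an http:BL query name, decodes the answer, and keeps "not listed" separate from "service unreachable". It assumes the public http:BL format (access key, reversed IPv4 octets, zone; answer `127.<days>.<threat>.<type>`), and the `lookup` helper, access key and IP used with it are constructed placeholders.

```python
import ipaddress
import socket

ZONE = "dnsbl.httpbl.org"  # zone named in the thread
VISITOR_TYPES = {1: "suspicious", 2: "harvester", 4: "comment_spammer"}


def build_query(access_key, ip):
    """Return '<key>.<reversed IPv4 octets>.<zone>' (IPv4 only)."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on anything else
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{access_key}.{reversed_octets}.{ZONE}"


def decode_answer(answer):
    """Decode the A record 127.<days since last seen>.<threat>.<type bitmask>."""
    first, days, threat, vtype = (int(o) for o in answer.split("."))
    if first != 127:  # anything else is not a valid http:BL answer
        return {"status": "error", "threat_score": None, "detail": answer}
    if vtype == 0:  # search engine: third octet is an engine id, not a score
        return {"status": "listed", "types": ["search_engine"],
                "engine_id": threat, "threat_score": 0}
    types = [name for bit, name in VISITOR_TYPES.items() if vtype & bit]
    return {"status": "listed", "types": types, "days": days,
            "threat_score": threat}


def lookup(access_key, ip, resolver=socket.gethostbyname):
    """Resolve and decode; never turn a resolver failure into a score of 0."""
    try:
        return decode_answer(resolver(build_query(access_key, ip)))
    except socket.gaierror as exc:
        # EAI_NONAME is the usual NXDOMAIN signal (IP not listed). Other
        # codes, e.g. EAI_AGAIN, mean the lookup itself failed. The exact
        # code depends on the platform resolver, so treat this as a heuristic.
        if exc.errno == socket.EAI_NONAME:
            return {"status": "not_listed", "threat_score": 0}
        return {"status": "unavailable", "threat_score": None,
                "detail": str(exc)}
```

Passing a fake `resolver` lets the decoding be checked offline; in a search, rows with `status` of `unavailable` can then be alerted on instead of being read as clean traffic.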

mmaier_splunk
Splunk Employee

Update:
Their website is back and everything is working.

mmaier_splunk
Splunk Employee

Hello,
Quick update to this:

Seems the website is still under maintenance. Was looking to put the IP Reputation app offline. However, I tried the service and it gives me the right responses through the DNS blacklist interface if you do nslookups. So the IP lookups are working - just not sure what quality it is currently.

You can follow their upgrade and maintenance updates on the Twitter feed of projecthoneypot:
https://twitter.com/projecthoneypot

best

0 Karma


BenTan
Path Finder

Hi,

Thanks for your suggestion! I ended up using the Optiv Threat Intelligence App; although I'm still in the middle of configuration and troubleshooting for the app, it's a good start!

Once again, thank you. 🙂

Regards,
Benjamin

0 Karma