Splunk Enterprise Security

What are all the URLs I need to open Splunk Enterprise Security up to for its default threat lists?

daniel333
Builder

All,

Anyone have a list of all the URLs/IPs I need to open Splunk Enterprise Security up to for its threat lists? I have to get the firewall exceptions placed in this week, but won't have the actual Splunk bits for a few more weeks.

thanks
-Daniel

jwelch_splunk
Splunk Employee
| rest splunk_server=local count=0 /services/data/inputs/threatlist | search url!=lookup* | table title, url

These can obviously change with future upgrades and/or releases. Also the IPs could change by the service providers as well.

jwelch_splunk
Splunk Employee

Missed the part about you not having the access. Excuse the formatting.

alexa_top_one_million_sites    https://s3.amazonaws.com/alexa-static/top-1m.csv.zip
emerging_threats_compromised_ip_blocklist    https://rules.emergingthreats.net/blockrules/compromised-ips.txt
emerging_threats_ip_blocklist    https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
hailataxii_malware    http://hailataxii.com/taxii-data
iblocklist_logmein    http://list.iblocklist.com/?list=logmein
iblocklist_piratebay    http://list.iblocklist.com/?list=nzldzlpkgrcncdomnttb
iblocklist_proxy    http://list.iblocklist.com/?list=bt_proxy
iblocklist_rapidshare    http://list.iblocklist.com/?list=zfucwtjkfwkalytktyiw
iblocklist_spyware    http://list.iblocklist.com/?list=bt_spyware
iblocklist_tor    http://list.iblocklist.com/?list=tor
iblocklist_web_attacker    http://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag
icann_top_level_domain_list    https://data.iana.org/TLD/tlds-alpha-by-domain.txt
malware_domains    http://mirror1.malwaredomains.com/files/domains.txt
maxmind_geoip_asn_ipv4    https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2.zip
maxmind_geoip_asn_ipv6    https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2v6.zip
mozilla_public_suffix_list    https://publicsuffix.org/list/effective_tld_names.dat
phishtank    https://data.phishtank.com/data/online-valid.csv.gz
sans    https://isc.sans.edu/block.txt
zeus_bad_ip_blocklist    https://zeustracker.abuse.ch/blocklist.php?download=badips
zeus_standard_ip_blocklist    https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist

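As an added example (not code from the answer above or from Splunk), a small Python script that collapses the posted download URLs into the distinct host:port pairs a firewall egress rule actually needs, and flags the feeds fetched over plain HTTP, which ES cannot integrity-check in transit. The URLs and feed names are the ones listed in the answer; the helper names and the default-port table are assumptions.

```python
from urllib.parse import urlsplit

# Threat list titles and download URLs exactly as posted in the answer above.
THREATLIST_URLS = {
    "alexa_top_one_million_sites": "https://s3.amazonaws.com/alexa-static/top-1m.csv.zip",
    "emerging_threats_compromised_ip_blocklist": "https://rules.emergingthreats.net/blockrules/compromised-ips.txt",
    "emerging_threats_ip_blocklist": "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt",
    "hailataxii_malware": "http://hailataxii.com/taxii-data",
    "iblocklist_logmein": "http://list.iblocklist.com/?list=logmein",
    "iblocklist_piratebay": "http://list.iblocklist.com/?list=nzldzlpkgrcncdomnttb",
    "iblocklist_proxy": "http://list.iblocklist.com/?list=bt_proxy",
    "iblocklist_rapidshare": "http://list.iblocklist.com/?list=zfucwtjkfwkalytktyiw",
    "iblocklist_spyware": "http://list.iblocklist.com/?list=bt_spyware",
    "iblocklist_tor": "http://list.iblocklist.com/?list=tor",
    "iblocklist_web_attacker": "http://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag",
    "icann_top_level_domain_list": "https://data.iana.org/TLD/tlds-alpha-by-domain.txt",
    "malware_domains": "http://mirror1.malwaredomains.com/files/domains.txt",
    "maxmind_geoip_asn_ipv4": "https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2.zip",
    "maxmind_geoip_asn_ipv6": "https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2v6.zip",
    "mozilla_public_suffix_list": "https://publicsuffix.org/list/effective_tld_names.dat",
    "phishtank": "https://data.phishtank.com/data/online-valid.csv.gz",
    "sans": "https://isc.sans.edu/block.txt",
    "zeus_bad_ip_blocklist": "https://zeustracker.abuse.ch/blocklist.php?download=badips",
    "zeus_standard_ip_blocklist": "https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist",
}

DEFAULT_PORTS = {"http": 80, "https": 443}  # assumed: only these schemes appear

def egress_rules(urls):
    """Collapse download URLs into the distinct (host, port) pairs an egress
    allowlist needs, mapped to the threat lists served through each pair."""
    rules = {}
    for name, url in urls.items():
        parts = urlsplit(url)
        if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
            raise ValueError(f"{name}: unsupported URL {url!r}")
        port = parts.port or DEFAULT_PORTS[parts.scheme]
        rules.setdefault((parts.hostname, port), set()).add(name)
    return rules

def plaintext_feeds(urls):
    """Feeds fetched over plain HTTP: no transport integrity, so an on-path
    modification could inject or drop indicators before ES ingests them."""
    return sorted(n for n, u in urls.items() if urlsplit(u).scheme == "http")

if __name__ == "__main__":
    for (host, port), names in sorted(egress_rules(THREATLIST_URLS).items()):
        print(f"{host}:{port}  <- {', '.join(sorted(names))}")
    print("plain-HTTP feeds:", ", ".join(plaintext_feeds(THREATLIST_URLS)))
```

Because the firewall rule is per host, the seven iblocklist feeds collapse into a single list.iblocklist.com:80 entry; re-run the script against fresh `| rest` output after each ES upgrade, since the feed set changes between releases.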

georgen_splunk
Splunk Employee

thanks, Okie!
