Splunk Enterprise Security
What are all the URLs I need to open Splunk Enterprise Security up to for its default threat lists?

Builder

All,

Anyone have a list of all the URLs/IPs I need to open Splunk Enterprise Security up to for its threat lists? I have to get the firewall exceptions placed this week, but won't have the actual Splunk bits for a few more weeks.

Thanks
-Daniel

Re: What are all the URLs I need to open Splunk Enterprise Security up to for its default threat lists?

Splunk Employee

| rest splunk_server=local count=0 /services/data/inputs/threatlist | search url!=lookup* | table title, url

These can obviously change with future upgrades and/or releases. Also, the IPs could be changed by the service providers as well.

Re: What are all the URLs I need to open Splunk Enterprise Security up to for its default threat lists?

Splunk Employee

Missed the part about you not having the access. Excuse the formatting.

alexatoponemillionsites
https://s3.amazonaws.com/alexa-static/top-1m.csv.zip

emergingthreatscompromisedipblocklist
https://rules.emergingthreats.net/blockrules/compromised-ips.txt

emergingthreatsip_blocklist
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt

hailataxii_malware
http://hailataxii.com/taxii-data

iblocklist_logmein
http://list.iblocklist.com/?list=logmein

iblocklist_piratebay
http://list.iblocklist.com/?list=nzldzlpkgrcncdomnttb

iblocklistproxy
http://list.iblocklist.com/?list=bt_proxy

iblocklist_rapidshare
http://list.iblocklist.com/?list=zfucwtjkfwkalytktyiw

iblocklistspyware
http://list.iblocklist.com/?list=bt_spyware

iblocklist_tor
http://list.iblocklist.com/?list=tor

iblocklistwebattacker
http://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag

icanntopleveldomainlist
https://data.iana.org/TLD/tlds-alpha-by-domain.txt

malware_domains
http://mirror1.malwaredomains.com/files/domains.txt

maxmindgeoipasn_ipv4
https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2.zip

maxmindgeoipasn_ipv6
https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2v6.zip

mozillapublicsuffixlist
https://publicsuffix.org/list/effective_tld_names.dat

phishtank
https://data.phishtank.com/data/online-valid.csv.gz

sans
https://isc.sans.edu/block.txt

zeusbadip_blocklist
https://zeustracker.abuse.ch/blocklist.php?download=badips

zeusstandardip_blocklist
https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist

0 Karma
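
Added example, not part of the original posts: a Python sketch that collapses the feed URLs from the answer above into the unique hostname/port destinations a firewall exception request needs, and separately lists the hosts fetched over plain HTTP. Rules are keyed by hostname because, as noted in the thread, provider IPs can change; the output layout is constructed for illustration and is not any firewall's syntax.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Feed URLs as listed in the answer above.
FEED_URLS = [
    "https://s3.amazonaws.com/alexa-static/top-1m.csv.zip",
    "https://rules.emergingthreats.net/blockrules/compromised-ips.txt",
    "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt",
    "http://hailataxii.com/taxii-data",
    "http://list.iblocklist.com/?list=logmein",
    "http://list.iblocklist.com/?list=nzldzlpkgrcncdomnttb",
    "http://list.iblocklist.com/?list=bt_proxy",
    "http://list.iblocklist.com/?list=zfucwtjkfwkalytktyiw",
    "http://list.iblocklist.com/?list=bt_spyware",
    "http://list.iblocklist.com/?list=tor",
    "http://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag",
    "https://data.iana.org/TLD/tlds-alpha-by-domain.txt",
    "http://mirror1.malwaredomains.com/files/domains.txt",
    "https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2.zip",
    "https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2v6.zip",
    "https://publicsuffix.org/list/effective_tld_names.dat",
    "https://data.phishtank.com/data/online-valid.csv.gz",
    "https://isc.sans.edu/block.txt",
    "https://zeustracker.abuse.ch/blocklist.php?download=badips",
    "https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist",
]
DEFAULT_PORTS = {"http": 80, "https": 443}


def firewall_rules(urls):
    """Collapse feed URLs into unique (hostname, port) egress destinations."""
    rules = defaultdict(list)
    for url in urls:
        parts = urlsplit(url)
        # An explicit port in the URL wins; otherwise use the scheme default.
        rules[(parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme])].append(url)
    return dict(rules)


def plaintext_hosts(urls):
    """Hosts fetched over plain HTTP, i.e. with no transport integrity."""
    return sorted({urlsplit(u).hostname for u in urls if urlsplit(u).scheme == "http"})


if __name__ == "__main__":
    for (host, port), feeds in sorted(firewall_rules(FEED_URLS).items()):
        print(f"{host}\ttcp/{port}\t{len(feeds)} feed(s)")
    print("plain HTTP:", ", ".join(plaintext_hosts(FEED_URLS)))
```
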
Re: What are all the URLs I need to open Splunk Enterprise Security up to for its default threat lists?

Splunk Employee

thanks, Okie!

0 Karma