Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Are there any public whitelist databases that can be used to filter good network traffic?

splunkboob
Explorer
‎04-13-2022 01:02 AM

i want to have an overview of malicious network traffic in my network and i decided to filter out all the "good" traffic to find the bad ones. I need a database of all the trusted IP addresses that contain the IPs of companies like social media (facebook, twitter etc), news (cnn, nbc etc), and all the other trusted websites that we often visit. is there a public database where all these IP addresses are kept so i can implement it on my splunk environment?

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-13-2022 01:15 AM

Hi @splunkboob,

for my knowledge, you can find many services (someone gratis, someone on payment) that share a list of malitious sites, IPs, etc..., but not a list ow secure sites.

If you can access the Enterprise Security you can have all the available sites, some example could be:

https://www.splunk.com/en_us/blog/tips-and-tricks/how-to-pick-a-threat-intelligence-provider-kind-of...

MISP

MITRE Att&cK

etc...

There are many apps in Splunkbase for these sources.

Ciao.

Giuseppe

Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...