Merge branch 'dev'
Homas committed Apr 25, 2021
2 parents 96bc386 + 4624f6f commit 31d8207
Showing 2 changed files with 1 addition and 8 deletions.
2 changes: 0 additions & 2 deletions README.md
Expand Up @@ -374,9 +374,7 @@ kdig @94.130.30.123 -y hmac-sha256:ioc2rpz-YOUR-UNIQUE-KEY-NAME:ioc2rpz-YOUR-UNI
```

## Some free threat intelligence feeds
- [DNS-BH – Malware Domain Blocklist by RiskAnalytics](http://www.malwaredomains.com/)
- [Netlab](http://data.netlab.360.com)
- [Tor Exit Nodes](https://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv)
- [awesome-threat-intelligence list on GitHub](https://github.com/hslatman/awesome-threat-intelligence)

You can find other IOC feeds on the wiki-page: https://github.com/Homas/ioc2rpz/wiki/IOC-Sources.
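
Review bot: the closing sentence of this README hunk still sends readers to the IOC-Sources wiki page for other feeds, while the list above it shrinks by two entries (the header goes from 9 lines to 7). If the dropped feeds are also listed on that wiki page, remove or annotate them in the same change so the README and the wiki agree on which sources are usable. The commit message "Merge branch 'dev'" gives no reason for the removal; a one-line note saying whether the feeds went offline or were dropped by choice would help operators who still pull them.
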
7 changes: 1 addition & 6 deletions cfg/ioc2rpz.conf
@@ -1,4 +1,4 @@
%Copyright 2017-2019 Vadim Pavlov ioc2rpz[at]gmail[.]com
%Copyright 2017-2021 Vadim Pavlov ioc2rpz[at]gmail[.]com
%
%Licensed under the Apache License, Version 2.0 (the "License");
%you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -53,9 +53,6 @@
%Hajime botnet
{source,{"bot.list","http://data.netlab.360.com/feeds/hajime-scanner/bot.list","[:AXFR:]","ip=([0-9\.]+)$","0",0}}.

%Tor exit nodes - IP only.
{source,{"tor-exit","https://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv","[:AXFR:]",none}}.

%Phishtank
{source,{"phishtank","http://data.phishtank.com/data/c8d56947d2b98153e0d93cfcad78cb2cff6095aac94ad1143cebe2c62e502a87/online-valid.csv","","^[0-9]+\,[^\/]*\/\/([^\/]+)[^\,]+,[^\,]+
,[^\,]+,yes,"}}.
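
Review bot: the "phishtank" source kept as context right under the removed Tor block has a 64-character hex segment in its URL path, which looks like a per-user application key committed in the sample config. Replace it with an obvious placeholder in the same style the README uses for TSIG keys (YOUR-UNIQUE-KEY-NAME), and rotate the key if it is a real one. Both this source and the "bot.list" source above it are fetched over http://, so the indicator data that drives block decisions has no transport integrity; switch to https:// where the provider offers it.
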
Expand All @@ -81,8 +78,6 @@
{rpz,{"local.ioc2rpz",7202,3600,2592000,7200,"true","true","nodata",["dnsproxykey_1","dnsproxykey_2"],"mixed",120,60,["small_ioc"],["192.168.43.1","192.168.43.32"],[]}}.
%IP based feed
{rpz,{"bots-ip.ioc2rpz",7202,3600,2592000,7200,"true","true","nxdomain",["dnsproxykey_1","dnsproxykey_2"],"ip",172800,0,["bot.list"],[],[]}}.
%Non cacheable/live RPZ from a remote server
{rpz,{"tor-exit-ip.ioc2rpz",7202,3600,2592000,7200,"false","true","nxdomain",["dnsproxykey_1","dnsproxykey_2"],"ip",172800,0,["tor-exit"],[],[]}}.

%Non cacheable/live RPZ from a local file
{rpz,{"duplicate.ioc2rpz",7202,3600,2592000,7200,"false","false","nodata",["dnsproxykey_1"],"fqdn",3600,3600,["duplicate"],[],[]}}.
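
Review bot: removing "tor-exit-ip.ioc2rpz" also removes the sample's only entry under the comment "%Non cacheable/live RPZ from a remote server", so of the lines shown only the local-file variant ("duplicate.ioc2rpz") still illustrates a non-cached zone. Consider keeping that comment and pointing the example at another remote source, or documenting the remote case elsewhere. This is the only rpz entry in the visible lines that lists "tor-exit", so it is consistent with the source removal in the previous hunk, but resolvers that still have tor-exit-ip.ioc2rpz configured will no longer be able to transfer it; mention the zone removal in the release notes.
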