eCrimeLabs/securityonion-ecrimelabs
SecurityOnion-eCrimeLabs

Implementation of information from MISP through the eCrimeLabs API and into SecurityOnion

Prerequisites:

  • Security Onion (installed, configured)
  • eCrimeLabs Broker API access and API key

Download and configure (on Master or Standalone):

Clone the repo:

git clone https://github.com/eCrimeLabs/securityonion-ecrimelabs

Run the setup script:

sudo bash securityonion-ecrimelabs/setup-ecrimelabs

Update rules (if desired):

/usr/sbin/download-ecrimelabs
sudo rule-update

Confirm rules in place:

cat /etc/nsm/rules/alert.ecrimelabs.rules
cat /etc/nsm/rules/incident.ecrimelabs.rules

Confirm Bro Intel in place:

cat /opt/bro/share/bro/intel/ecrimelabs-intel.dat

A cron job will run every 2 hours to download new NIDS rules and Intel.
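An added health check (example code, not part of the repository) for the files the steps above put in place: it counts active rules, flags a file that has not been refreshed within the 2-hour cron interval plus one missed run, and checks the Bro Intel file's `#fields` header and column counts. Paths follow the README; the sample files are constructed inline in a temporary directory.

```shell
#!/bin/sh
# Health check for the eCrimeLabs feed files named in the README.
# Added example (not part of the repository); the 2-hour interval comes from
# the README, the tab-separated "#fields" layout from the Bro Intel framework.

ECL_MAX_AGE_MIN=180   # cron runs every 2 h; tolerate one missed run

# count_active_rules FILE: number of non-blank, non-comment lines; 0 if unreadable
count_active_rules() {
    [ -r "$1" ] || { echo 0; return 1; }
    awk '!/^[[:space:]]*(#|$)/ { n++ } END { print n + 0 }' "$1"
}

# is_fresh FILE: succeeds when FILE exists and was modified within ECL_MAX_AGE_MIN
is_fresh() {
    [ -e "$1" ] || return 1
    # find prints the path only when it is older than the threshold
    [ -z "$(find "$1" -maxdepth 0 -mmin "+$ECL_MAX_AGE_MIN")" ]
}

# validate_intel FILE: header must be "#fields ... indicator_type ...", and every
# data row must carry exactly the number of columns the header declares
validate_intel() {
    [ -r "$1" ] || return 1
    awk -F'\t' '
        NR == 1 { if ($1 != "#fields" || index($0, "indicator_type") == 0) exit 1; nf = NF - 1; next }
        /^#/ || /^[[:space:]]*$/ { next }
        NF != nf { exit 1 }
    ' "$1"
}

# check_feed RULES_DIR INTEL_FILE: one status line per file; non-zero if anything fails
check_feed() {
    rc=0
    for f in "$1/alert.ecrimelabs.rules" "$1/incident.ecrimelabs.rules"; do
        n=$(count_active_rules "$f") || rc=1
        is_fresh "$f" && age=fresh || { age=STALE; rc=1; }
        echo "$f: $n rules, $age"
    done
    if validate_intel "$2" && is_fresh "$2"; then echo "$2: ok"; else echo "$2: FAIL"; rc=1; fi
    return $rc
}

# Constructed sample data standing in for /etc/nsm/rules and /opt/bro/share/bro/intel.
ECL_DEMO=$(mktemp -d)
printf '# comment\nalert tcp any any -> any 80 (msg:"demo"; sid:9000001; rev:1;)\n\n' > "$ECL_DEMO/alert.ecrimelabs.rules"
printf 'alert tcp any any -> any 443 (msg:"demo"; sid:9000002; rev:1;)\n' > "$ECL_DEMO/incident.ecrimelabs.rules"
touch -t 202001010000 "$ECL_DEMO/incident.ecrimelabs.rules"   # simulate a feed that stopped updating
printf '#fields\tindicator\tindicator_type\tmeta.source\n198.51.100.7\tIntel::ADDR\tdemo-feed\n' > "$ECL_DEMO/ecrimelabs-intel.dat"
check_feed "$ECL_DEMO" "$ECL_DEMO/ecrimelabs-intel.dat" || echo "feed check reported problems"
```

Run it against the real paths by passing /etc/nsm/rules and /opt/bro/share/bro/intel/ecrimelabs-intel.dat to check_feed; a non-zero exit is the signal to look at the cron job or the API key.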


Remember to modify ecrimelabscfg

The setup always pulls the incident feed; which other feeds are extracted is up to the individual implementation.
