![]() ![]() # Open exports folder and complete the operation. $counts | Export-csv "$($exports)Total_Numbers_$($date.month)_$($date.day)_$($date.year).csv" -NoTypeInformation $IPv4WL = Import-CSV "$whitelists\IPv4s.csv" | where | Select Hostnames,IPv4s,URLs,FileHashes,Emails,CVEs,Total Write-host "No previous CSV's to archive. Write-host "Archived previous CSVs into the archive folder" -foregroundcolor "Green" Move-Item $archive "$exports\archive\" -Force $archive = get-childitem "$exports\*.csv" # Archive previous days export into the archive folder. $ErrorActionPreference = "Silentl圜ontinue" We can easily pull in Alienvault OTX pulses into Security Onion and have Zeek utilize them for the Intel Framework by leveraging Stephen Hosoms work with. Write out pretty ascii art to the screen. $hostnames = our awesome ascii art into an array The reason for this is that their threat feed is. # How old are indicators allowed to be in days As a source of threat IOC information, I have chosen the AlienVault Open Threat Exchange (OTX) service. # Define Main Function, set variables to Null, and then define as arrays. # Powershell script to pull indicators from Alien Vault Opensource Threat Exchange(OTX) and export to CSVs for importing into Arcsight or other SIEM. This script is located on my Github, and will have the most recent updated version. Widely available online, these feeds record and track IP addresses and URLs that are associated with phishing scams, malware, bots, trojans, adware, spyware, ransomware and more. It gathers each indicator by type, IE: IPv4, URL, Hostname etc, and then exports each seperate indicator type into CSV files that can be imported into another system like your SIEM. A List of the Best Open Source Threat Intelligence Feeds By: Gedalyah Reback Threat intelligence feeds are a critical part of modern cybersecurity. I work in a primarily windows workstation environment and Powershell is my goto language for just about everything since since it is native on every system since Windows 7.īelow is a script I developed to gather indicators from all subscribed pulses on OTX with powershell. ![]() So I wanted to automate IoC(Indicators of Compromise) collection and discovered AlienVault OTX product. Enabling the AlienVault OTX Service Go to RESOURCES > Malware Domains> select the OTX service you defined. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |