##! Load the Intel framework (with collective-intel integration, the "seen" hooks and
##! do_notice) and register the Zeek-Intelligence-Feeds files it should read.
@load policy/integration/collective-intel
@load policy/frameworks/intel/seen
@load policy/frameworks/intel/do_notice
# Register the threat-intel files the Intel framework reads at startup.
#
# Every entry is an absolute path under one installation prefix
# (/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds).  If the feeds are
# installed anywhere else, every line below has to change.  NOTE(review): a
# listed file that is missing at startup is presumably only reported by the
# Input framework rather than failing the script, so a wrong prefix means
# matches quietly never happen -- check reporter.log after deploying.
#
# The set is built from several "+=" statements so related files sit together;
# the resulting set is the same union the original single literal produced.

# Files named abuse-ch-*.
redef Intel::read_files += {
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/abuse-ch-ipblocklist.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/abuse-ch-malware.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/abuse-ch-threatfox-ip.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/abuse-ch-urlhaus.intel",
};

# JA3 fingerprint files.
redef Intel::read_files += {
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/abuse-ja3-fingerprints.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/salesforce-ja3-fingerprints.intel",
};

# drb_ra files.  drb_ra_ip_unverified.intel is, by its own name, an unverified
# list; with policy/frameworks/intel/do_notice loaded above, hits on it are
# presumably handled like hits on any verified feed, so expect false positives
# from this entry unless its items are tuned.
redef Intel::read_files += {
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/drb_ra_domain.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/drb_ra_ip.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/drb_ra_ip_unverified.intel",
};

# All other enabled feeds, in case-insensitive alphabetical order.
redef Intel::read_files += {
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/alienvault.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/Amnesty_NSO_Domains.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/binarydefense.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/censys.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/cloudzy.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/cobaltstrike_ips.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/compromised-ips.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/cps-collected-iocs.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/Cyber_Threat_Coalition_Domain_Blacklist.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/ellio.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/fangxiao.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/filetransferportals.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/illuminate.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/james-inthe-box.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/lockbit.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/log4j_ip.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/mirai.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/openphish.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/ragnar.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/rutgers.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/shadowwhisperer-malware.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/sip.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/stalkerware.intel",
	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/tor-exit.intel",
};

# Feeds shipped with the package but deliberately not loaded.  NOTE(review):
# no reason is recorded for disabling any of these; record one next to each
# entry (volume, false-positive rate, licence, ...) before it is re-enabled.
#	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/atomspam.intel",
#	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/inversion.intel",
#	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/illuminate_ja3.intel",
#	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/predict_intel.intel",
#	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/rdpsnitch.intel",
#	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/sans.intel",
#	"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/scumbots.intel",