Reputation-Based Detection is one of the simplest yet most effective methods for detecting a threat. Multiple entities sharing intelligence about known IP addresses that have been a threat in the past can rapidly inform us about the future.
The goal of this assignment is to have you utilize one of these lists, build a basic script thatkeeps the list up-to-date and integrate the list with Suricata's alerts. In steps:
Note: Follow naming conventions for the message alert construction as well as appropriate logistic fields associated with each alert. Specify also the list that an alert came from in your message so that one can further investigate the threat associated with that alert.
You can utilize VirtualBox (or some other VM) to build your testing machines. Lab computers may be more appropriate if you load demanding machines. Useful distros include:
SO is by far the most demanding requiring a min of 8GB if ELK stack is utilized. With SELKS, you can get away with 3GB. SELKS contains ELK stack as well as Suricata as the main IDS. Kali is useful for pentests but many of these you can initiate from your host computer. If you do not have sudo access in the host machine check this guide if you need to build several tools from source: Installing with no sudo access
Already registered? Login
Not Account? Sign up
Enter your email address to reset your password
Back to Login? Click here