Categorization of Addresses #11470

captain118 · 2023-10-04T19:06:56Z

captain118
Oct 4, 2023

I'm new to security onion and have recently set it up at home. I've been wondering if there is there a way to add categorization of ip addresses to security onion? It would be nice if I could at a glance know if a particular address is associated with C&C, porn, malware, etc.

reyesj2 · 2023-10-10T14:34:52Z

reyesj2
Oct 10, 2023
Maintainer

This is not a direct feature of Security Onion, but what you could do is ingest data from say MISP or AbuseCH through an elasticagent integration.
https://docs.securityonion.net/en/2.4/elastic-fleet.html?highlight=integration#adding-an-integration
You'd then have to setup an enrich policy, but from that you could do what you're looking for and have IPs get mapped to any hits in AbuseCH or MISP threat intel.

https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Categorization of Addresses #11470

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Categorization of Addresses #11470

Uh oh!

captain118 Oct 4, 2023

Replies: 1 comment

Uh oh!

reyesj2 Oct 10, 2023 Maintainer

captain118
Oct 4, 2023

reyesj2
Oct 10, 2023
Maintainer