Disable Threat Intelligence feeds and processing

Temporarily disable TI blocklist checking while preserving GeoIP
and other correlation features. This affects feed downloads,
initialization, and runtime processing.

Author: JocLRojas

correlation/Dockerfile

@@ -14,8 +14,8 @@ RUN wget -O /app/asn-blocks-v6.csv https://cdn.utmstack.com/geoip/asn-blocks-v6.
 RUN wget -O /app/blocks-v4.csv https://cdn.utmstack.com/geoip/blocks-v4.csv
 RUN wget -O /app/blocks-v6.csv https://cdn.utmstack.com/geoip/blocks-v6.csv
 RUN wget -O /app/locations-en.csv https://cdn.utmstack.com/geoip/locations-en.csv
-RUN wget -O /app/ip_level1.list.tar.gz https://intelligence.threatwinds.com/api/feeds/v1/download/list/level1/accumulative/ip && cd /app && tar -xf ip_level1.list.tar.gz
-RUN wget -O /app/ip_level2.list.tar.gz https://intelligence.threatwinds.com/api/feeds/v1/download/list/level2/accumulative/ip && cd /app && tar -xf ip_level2.list.tar.gz
-RUN wget -O /app/ip_level3.list.tar.gz https://intelligence.threatwinds.com/api/feeds/v1/download/list/level3/accumulative/ip && cd /app && tar -xf ip_level3.list.tar.gz
+# RUN wget -O /app/ip_level1.list.tar.gz https://intelligence.threatwinds.com/api/feeds/v1/download/list/level1/accumulative/ip && cd /app && tar -xf ip_level1.list.tar.gz
+# RUN wget -O /app/ip_level2.list.tar.gz https://intelligence.threatwinds.com/api/feeds/v1/download/list/level2/accumulative/ip && cd /app && tar -xf ip_level2.list.tar.gz
+# RUN wget -O /app/ip_level3.list.tar.gz https://intelligence.threatwinds.com/api/feeds/v1/download/list/level3/accumulative/ip && cd /app && tar -xf ip_level3.list.tar.gz
 RUN mkdir -p /app/rulesets && git clone --depth 1 https://github.com/utmstack/rules.git /app/rulesets/system
 ENTRYPOINT [ "/run.sh" ]

correlation/api/newLogHandler.go

@@ -8,7 +8,7 @@ import (
 	"time"
 
 	"github.com/threatwinds/go-sdk/catcher"
-	"github.com/utmstack/UTMStack/correlation/ti"
+	// "github.com/utmstack/UTMStack/correlation/ti"
 
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
@@ -79,7 +79,7 @@ func NewLog(c *gin.Context) {
 	}
 
 	cache.AddToCache(l)
-	ti.Enqueue(l)
+	// ti.Enqueue(l)
 	search.AddToQueue(l)
 	response["status"] = "queued"
 	c.JSON(http.StatusOK, response)

correlation/main.go

@@ -1,7 +1,7 @@
 package main
 
 import (
-	"github.com/utmstack/UTMStack/correlation/ti"
+	// "github.com/utmstack/UTMStack/correlation/ti"
 	"os"
 	"os/signal"
 	"syscall"
@@ -33,7 +33,7 @@ import (
 func main() {
 	sqldb.Connect()
 	geo.Load()
-	ti.Load()
+	// ti.Load()
 
 	rulesL := rules.GetRules()
 	for _, rule := range rulesL {
@@ -46,7 +46,7 @@ func main() {
 	go cache.ProcessQueue()
 	go search.ProcessQueue()
 	go statistics.Update()
-	go ti.IsBlocklisted()
+	// go ti.IsBlocklisted()
 
 	go func() {
 		gin.SetMode(gin.ReleaseMode)

correlation/ti/bases.go

@@ -1,54 +1,54 @@
 package ti
 
-import (
-	"bufio"
-	"os"
-	"path/filepath"
-
-	"github.com/threatwinds/go-sdk/catcher"
-)
-
-func Load() {
-	catcher.Info("Loading Threat Intelligence Feeds", nil)
-
-	var files = []string{
-		"ip_level1.list",
-		"ip_level2.list",
-		"ip_level3.list",
-	}
-
-	for _, file := range files {
-		var t string
-
-		switch file {
-		case "ip_level1.list":
-			t = "Low"
-		case "ip_level2.list":
-			t = "Medium"
-		case "ip_level3.list":
-			t = "High"
-		default:
-		}
-
-		f, err := os.Open(filepath.Join("/app", file))
-		if err != nil {
-			catcher.Error("Could not open file", err, nil)
-			continue
-		}
-
-		scanner := bufio.NewScanner(f)
-
-		for scanner.Scan() {
-			element := scanner.Text()
-			if element == "" {
-				continue
-			}
-
-			blockList[element] = t
-		}
-
-		_ = f.Close()
-	}
-
-	catcher.Info("Threat Intelligence feeds loaded", nil)
-}
+// import (
+// 	"bufio"
+// 	"os"
+// 	"path/filepath"
+
+// 	"github.com/threatwinds/go-sdk/catcher"
+// )
+
+// func Load() {
+// 	catcher.Info("Loading Threat Intelligence Feeds", nil)
+
+// 	var files = []string{
+// 		"ip_level1.list",
+// 		"ip_level2.list",
+// 		"ip_level3.list",
+// 	}
+
+// 	for _, file := range files {
+// 		var t string
+
+// 		switch file {
+// 		case "ip_level1.list":
+// 			t = "Low"
+// 		case "ip_level2.list":
+// 			t = "Medium"
+// 		case "ip_level3.list":
+// 			t = "High"
+// 		default:
+// 		}
+
+// 		f, err := os.Open(filepath.Join("/app", file))
+// 		if err != nil {
+// 			catcher.Error("Could not open file", err, nil)
+// 			continue
+// 		}
+
+// 		scanner := bufio.NewScanner(f)
+
+// 		for scanner.Scan() {
+// 			element := scanner.Text()
+// 			if element == "" {
+// 				continue
+// 			}
+
+// 			blockList[element] = t
+// 		}
+
+// 		_ = f.Close()
+// 	}
+
+// 	catcher.Info("Threat Intelligence feeds loaded", nil)
+// }