CIF – cleanmx threat feeds

A good day today indeed. I have finally got some time to work on my CIF skills and on writing configurations (YAML scripts) to fetch open source threat feeds.

I started with a disabled configuration (/etc/cif/rules/disabled/cleanmx.cfg) for cleanmx. The provided cleanmx.cfg file should be used as the reference for the cleanmx remote sites and id, which are needed to write the YAML script.

The threat feed is provided in XML format, and the remote site link can be taken either from the config file or directly from the cleanmx site (support.clean-mx.de). I always recommend checking the feed links in a browser regularly to confirm that they still respond and are still the correct links for fetching the feeds. Sometimes they change.
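The link check recommended above can also be scripted, so a moved or broken feed is caught before it silently stops feeding CIF. The following is an added example, not part of the original post or the author's GitHub scripts; the feed URL, the element names and the sample bodies are constructed placeholders, and the real record tag has to be taken from the feed itself.

```python
import xml.etree.ElementTree as ET

# Constructed sample bodies. The element names are assumptions for this
# example, not the real cleanmx schema; take the real record tag from the feed.
GOOD = (b'<?xml version="1.0"?>\n<output><entries>'
        b'<entry><url>http://example.test/a</url></entry>'
        b'<entry><url>http://example.test/b</url></entry>'
        b'</entries></output>')
EMPTY = b'<?xml version="1.0"?><output><entries/></output>'
HTML_PAGE = b'<html><body>This page has moved</body></html>'
TRUNCATED = GOOD[:70]
WITH_DTD = b'<!DOCTYPE output [<!ENTITY a "aaaa">]><output>&a;</output>'

FEED_URL = "https://feed.example.test/feed.xml"  # placeholder, not a real feed link


def check_feed(status, final_url, body, expected_url=FEED_URL, record_tag="entry"):
    """Classify one fetch result as (ok, reason).

    With urllib.request.urlopen() the inputs are resp.status, resp.geturl()
    and resp.read().
    """
    if status != 200:
        return False, f"HTTP status {status}"
    if final_url != expected_url:
        return False, f"redirected to {final_url}"
    # The feed is third-party input: refuse DTDs/entities before parsing.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return False, "DTD or entity declaration present"
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return False, f"not well-formed XML ({exc})"
    if root.tag.lower() == "html":
        return False, "HTML page returned instead of the feed"
    count = sum(1 for _ in root.iter(record_tag))
    if count == 0:
        return False, f"no <{record_tag}> records"
    return True, f"{count} records"


if __name__ == "__main__":
    samples = {"good": GOOD, "empty": EMPTY, "html": HTML_PAGE,
               "truncated": TRUNCATED, "dtd": WITH_DTD}
    for name, body in samples.items():
        print(name, check_feed(200, FEED_URL, body))
    print("moved", check_feed(200, "https://feed.example.test/login", GOOD))
    print("gone", check_feed(404, FEED_URL, b""))
```

Run from cron against the link in the YAML rule, a non-ok result is the signal to re-check the link on the provider's site before trusting the next import.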

The YML script is available on my GitHub account – https://github.com/makflwana/CIF-Threat-Feeds-and-parsers

I will be writing more scripts to fetch open source threat feeds. If you guys have any threat feeds that are open source and not covered yet, please let me know.

Happy Hunting!!!!!!!
