DShield

DShield is a community-based collaborative firewall log correlation system. It receives logs from volunteers worldwide and uses them to analyze attack trends.

The analyzer comes in a single flavor that returns information about the submitted IP address.

Requirements

No configuration is required.

DShield_lookup

Author: Xavier Xavier, SANS ISC
License: AGPL-V3
Version: 1.0
Supported observable types:
- ip
Registration required: False
Subscription required: False
Free subscription: True
Third party service: https://isc.sans.edu/

Description

Query the SANS ISC DShield API to check the reputation of an IP address.

Configuration

No specific configuration required.

Template samples for TheHive

DShield: long report