Skip to content

FireHOLBlocklists#

README

FireJOLBlocklists#

FireJOLBlocklists is a composition of other IP lists. The objective is to create a blacklist that can be safe enough to be used on all systems, with a firewall, to block access entirely, from and to its listed IPs.

The analyzer comes in a single flavout that will return if provided ip is in block list and link to its report.

Requirements#

You need to clone original repo on the cortex machine [git clone https://github.com/firehol/blocklist-ipsets] and update relative path in blocklistpath variable.

FireHOLBlocklists#

Author: Nils Kuhnert, CERT-Bund
License: AGPL-V3
Version: 2.0
Supported observables types:
- ip
Registration required: False
Subscription required: False
Free subscription: False
Third party service: https://iplists.firehol.org/

Description#

Check IP addresses against the FireHOL blocklists

Configuration#

blocklistpath Path to blocklists
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True

Templates samples for TheHive#

FireHOL Blocklists: long report


Last update: November 15, 2021 06:39:12