Skip to content




FireJOLBlocklists is a composition of other IP lists. The objective is to create a blacklist that can be safe enough to be used on all systems, with a firewall, to block access entirely, from and to its listed IPs.

The analyzer comes in a single flavout that will return if provided ip is in block list and link to its report.


You need to clone original repo on the cortex machine [git clone] and update relative path in blocklistpath variable.


Author: Nils Kuhnert, CERT-Bund
License: AGPL-V3
Version: 2.0
Supported observables types:
- ip
Registration required: False
Subscription required: False
Free subscription: False
Third party service:


Check IP addresses against the FireHOL blocklists


blocklistpath Path to blocklists
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True

Templates samples for TheHive#

FireHOL Blocklists: long report

Last update: November 15, 2021 06:39:12