FireHOLBlocklists#
README
FireJOLBlocklists#
FireJOLBlocklists is a composition of other IP lists. The objective is to create a blacklist that can be safe enough to be used on all systems, with a firewall, to block access entirely, from and to its listed IPs.
The analyzer comes in a single flavout that will return if provided ip is in block list and link to its report.
Requirements#
You need to clone original repo on the cortex machine [git clone https://github.com/firehol/blocklist-ipsets] and update relative path in blocklistpath variable.
FireHOLBlocklists#
Author: Nils Kuhnert, CERT-Bund
License: AGPL-V3
Version: 2.0
Supported observables types:
- ip
Registration required: False
Subscription required: False
Free subscription: False
Third party service: https://iplists.firehol.org/
Description#
Check IP addresses against the FireHOL blocklists
Configuration#
| blocklistpath | Path to blocklists |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
Templates samples for TheHive#
