Monday, November 16, 2009

DIY Threat Monitoring System, Part 2

This is Part 2 of my DIY Threat Monitoring System series. Here is an example of several connectors that download some public lists and save them internally for further processing.

The script will download the following lists:
CBL, PhishTank, Google Safe Browsing, DShield, Tor exit nodes, MalwareDomainList, MalwareURL.


1- You will need to install some Perl modules first:
Net::Google::SafeBrowsing::UpdateRequest
XML::RSS::Parser::Lite
LWP::Simple
2- Make sure that you have rsync installed
3- Request access to CBL
4- Request an API key from PhishTank
5- Request an API key from Google Safe Browsing
6- Insert the API keys into the script (look for INSERT YOUR KEY HERE)
7- Run the script
8- All downloaded lists are located in one folder /radaar/connectors/temp
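
A preflight check for the setup steps above, as an added example that is not part of the original script: it verifies steps 1, 2, 6 and 8 before you run step 7. The file name `connectors.pl` is an assumption (the post does not name the script), and the world-readable check is an added precaution because step 6 stores API keys inside the script.

```shell
#!/bin/sh
# Added example: preflight check for the setup steps listed above.
SCRIPT="${SCRIPT:-./connectors.pl}"          # hypothetical file name (assumption)
OUTDIR="${OUTDIR:-/radaar/connectors/temp}"  # folder named in step 8
MODULES="Net::Google::SafeBrowsing::UpdateRequest XML::RSS::Parser::Lite LWP::Simple"

# Step 1: print each Perl module that fails to load (no output = all present).
missing_modules() {
    for m in $MODULES; do
        perl -M"$m" -e 1 2>/dev/null || printf '%s\n' "$m"
    done
}

# Step 6: count lines that still carry the placeholder instead of a real key.
unset_keys() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    grep -c 'INSERT YOUR KEY HERE' "$1" || true
}

# Succeeds if "other" users can read the file (it will contain API keys).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Run every check, report all problems, return non-zero if any failed.
preflight() {
    rc=0
    miss=$(missing_modules)
    [ -z "$miss" ] || { echo "missing Perl modules:" $miss; rc=1; }
    command -v rsync >/dev/null 2>&1 || { echo "rsync is not installed"; rc=1; }
    n=$(unset_keys "$SCRIPT") || rc=1
    [ "${n:-0}" -eq 0 ] || { echo "$n key placeholder(s) left in $SCRIPT"; rc=1; }
    if world_readable "$SCRIPT"; then
        echo "$SCRIPT is world-readable; chmod 600 it once keys are inserted"
        rc=1
    fi
    if [ ! -d "$OUTDIR" ] || [ ! -w "$OUTDIR" ]; then
        echo "$OUTDIR is missing or not writable"; rc=1
    fi
    return $rc
}

# Invoke as: SCRIPT=/path/to/script sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```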

Note that the script is a quick and dirty one; any suggestions for enhancements are welcome.
