I am planning on fetching a list of bad IP addresses and updating a Cisco ASA network object through the API; of course, I need to upgrade the ASA to at least 9.3 to get API support. But before I go ahead and do that, I'd like to get input from this forum's users, if there is any.
Krypt0ni8 21 Posts
Jun 8th 2016 5 years ago
That function works if that's the question. While a threat intel feed can be helpful, applying it with full trust that all the bad IPs in the list or feed are really "bad" is rarely a good idea.
Rob VandenBrink 577 Posts ISC Handler
Jun 21st 2016 5 years ago
Quoting Rob VandenBrink: That function works if that's the question. While a threat intel feed can be helpful, applying it with full trust that all the bad IPs in the list or feed are really "bad" is rarely a good idea.
I saw a website posted in one of your diaries that has a list of TOR exit nodes which gets updated every 30 minutes. Without getting into why, I thought to myself maybe we should try this and block TOR on the edge FW. If you have any other sufficient solution, please do share.
Krypt0ni8 21 Posts
Jun 21st 2016 5 years ago
You can use our API. For example: isc.sans.edu/api/threatlist/… (or isc.sans.edu/api/threatlist/… if you prefer it in that format)
Johannes 4476 Posts ISC Handler
Jun 21st 2016 5 years ago
Quoting Johannes: You can use our API. For example: https://isc.sans.edu/api/threatlist/torexit (or https://isc.sans.edu/api/threatlist/torexit?json if you prefer it in that format)
I just created/tested a Python script that loops through the "ipv4" JSON list. I didn't need to put in my API key, is that OK?
Krypt0ni8 21 Posts
Jun 21st 2016 5 years ago
Correct. No authentication is required for our public APIs. Do me a favor and add an e-mail address to the user agent. That way, if there is a problem, I know who to contact instead of just blocklisting you :)
Johannes 4476 Posts ISC Handler
Jun 21st 2016 5 years ago
Quoting Johannes: Correct. No authentication is required for our public APIs. Do me a favor and add an e-mail address to the user agent. That way, if there is a problem, I know who to contact instead of just blocklisting you :)
Script updated/tested with user agent = '(Krypt0ni8)email'
Krypt0ni8 21 Posts
Jun 21st 2016 5 years ago
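The workflow discussed in this thread, as an added example that is not code from any poster or from ISC: it builds the feed request with a contact e-mail in the User-Agent, validates the "ipv4" entries, and computes the delta for the firewall object while refusing feeds that look wrong. The response layout beyond the "ipv4" key, the never-block ranges, the agent name and the removal threshold are assumptions; pushing the delta to the ASA is left out.

```python
import ipaddress
import json
import urllib.request

FEED_URL = "https://isc.sans.edu/api/threatlist/torexit?json"  # URL quoted in the thread

# Constructed sample response; only the "ipv4" key is named in the thread.
SAMPLE_FEED = json.dumps([
    {"ipv4": "198.51.100.7"}, {"ipv4": "203.0.113.25"},
    {"ipv4": "10.1.2.3"},       # internal address: must never be blocked
    {"ipv4": "not-an-ip"},      # malformed entry
    {"ipv4": "192.0.2.10"},     # falls inside the hypothetical partner range
    {"ipv4": "203.0.113.25"},   # duplicate
])

# Assumed policy: RFC 1918, loopback, plus one hypothetical partner range.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "192.0.2.0/24")]

def build_request(contact_email):
    """Feed request carrying a contact address in the User-Agent."""
    agent = "tor-blocklist-sync (%s)" % contact_email  # hypothetical agent name
    return urllib.request.Request(FEED_URL, headers={"User-Agent": agent})

def parse_feed(raw):
    """Return (accepted set of IPv4 strings, list of (value, reason) refusals)."""
    accepted, rejected = set(), []
    for entry in json.loads(raw):
        value = entry.get("ipv4") if isinstance(entry, dict) else None
        try:
            ip = ipaddress.IPv4Address(value if isinstance(value, str) else "")
        except ValueError:
            rejected.append((value, "malformed"))
            continue
        if any(ip in net for net in NEVER_BLOCK):
            rejected.append((value, "never-block range"))
        else:
            accepted.add(str(ip))
    return accepted, rejected

def plan_update(current, wanted, max_removal_ratio=0.5):
    """Delta for the firewall object; raise instead of applying a suspicious feed."""
    if not wanted:
        raise ValueError("feed produced no usable addresses; keeping current object")
    to_add, to_remove = sorted(wanted - current), sorted(current - wanted)
    if current and len(to_remove) / len(current) > max_removal_ratio:
        raise ValueError("feed would remove %d of %d entries" % (len(to_remove), len(current)))
    return to_add, to_remove

if __name__ == "__main__":
    wanted, refused = parse_feed(SAMPLE_FEED)
    current = {"203.0.113.25", "198.51.100.99"}  # constructed: members already in the object
    print(plan_update(current, wanted), refused)
```

Logging the refused entries on every run gives a record of when the feed starts listing addresses you depend on.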