Data Adapter for Emerging threats IP List


(Ionstorm) #1

What would be the most efficient way to pull in a IP List from a URL without having two column’s or csv/dsv format?
I’d like to pull in https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt


(Jan Doberstein) #2

He @ion-storm

the main problem with that list is that it is not “clean” - currently Graylog is very strict. No duplicated entries are allowed in DSV, no additional spaces between the lines.

So in general you could just check in a list like ( https://rules.emergingthreats.net/blockrules/compromised-ips.txt ) just the existence of one IP. But as your list included spaces, comments and dupl. content it would need to be cleaned before you can use it with Graylog.

One other option (for the long run) would be to create a feature issue that the DSV Lookup Table is a little more relaxed (or can be configured to be) over at github: https://github.com/Graylog2/graylog2-server/issues


(system) closed #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.