New alarm: Abuse.ch SSLBL SSL Certificate Blacklist #126
Labels
alarm
Related to RedELK alarms
elkserver
Related to RedELK server components
enhancement
New feature or request
Comments
|
The question is what do we check and compare to the blacklist. Right now, RedELK has no config option or no automated way for knowing the certificate used in the operation. This should be included as well before we can check against a black list. Getting that info is prolly not straight-forward. Also, the chance of a red team ops cert being marked by abuse.ch is small (they mostly collect certs from bigger malware/worms/cryptolockers/etc). So this alarm should be regarded as low priority for now. |
fastlorenzo
added
elkserver
|
After discussion with @fastlorenzo we are moving this out of the beta6 milestone, lower prio. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Create new alarm for Abuse.ch SSLBL SSL Certificate Blacklist
The text was updated successfully, but these errors were encountered: