Feature #14875

open

Snort + VirusTotal could analyse suspicious domains, IPs and URLs to detect malware and other breaches, automatically

Added by Jonathan Lee 7 months ago. Updated 7 months ago.

Status: New
Priority: Normal
Assignee: -
Category: Snort
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:

Description

Hello fellow pfSense Redmine members,

I noticed in Snort we have a resolve IP address option; however, time and time again I find myself constantly going to VirusTotal's website to check on single IP addresses for invasive activity. Today I noticed that VirusTotal has an API key option. Which leads to the question: is there any way to add in an option for an IP address check with something like VirusTotal or another analysis site? I know we can dump the logs into Security Onion or Kibana. Again, it would be really nice if we could check a single IP address on the fly in Snort's GUI dashboard and get a quick check with a reply similar to VirusTotal's one-time IP address check.

https://developers.virustotal.com/docs/api-overview


Files

Screenshot 2023-10-13 at 8.56.11 PM.png (721 KB): "What if we could have a quick check outside of just resolve" (Jonathan Lee, 10/14/2023 04:01 AM)