Project

General

Profile

Actions

Feature #14875

open

Snort + VirusTotal could analyse suspicious domains, IPs and URLs to detect malware and other breaches, automatically

Added by Jonathan Lee about 1 year ago. Updated about 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Snort
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:

Description

Hello fellow pfSense Redmine members,

I noticed in Snort we have a resolve IP address option however, time and time again I find myself constantly going to Virustotal's website to check on single IP addresses for invasive activity. Today I noticed that VirusTotal has an API key option. Leading to, is there anyway to add in an option for a IP address check with something like VirusTotal or another analysis site? I know we can dump the logs into Security Onion or Kibana. Again, it would be really nice if we could check a single IP address on the fly in Snort's GUI dashboard and get a quick check with a reply similar to VirusTotal's one time IP address check.

https://developers.virustotal.com/docs/api-overview


Files

Screenshot 2023-10-13 at 8.56.11 PM.png (721 KB) Screenshot 2023-10-13 at 8.56.11 PM.png What if we could have a quick check outside of just resolve Jonathan Lee, 10/14/2023 04:01 AM
Actions

Also available in: Atom PDF