Threat Intelligence database

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am


What does TI do these days?

"aum -u" mentions that there's a "Threat Intelligence database" update (or not, if it is up to date).

What does this database contain? What is it used for? How is it used? I thought TI was RBL based?
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4136
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Threat Intelligence database


There's both an RBL based component, and a local component. The local database is checked first and if an IP isn't on the local DB the remote component is checked. This varies for different protocols: for some, only the local component is used (RBL might be too slow for that protocol), and for others only the remote component is used if the database changes too quickly for a local cache to be useful. The local TI also contains any third party caches, in the same way.
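
The lookup order described in the post above, as an added example that is not part of the original post and is not Atomicorp's code. The zone name, the protocol names and their policy mapping, and all function names are assumptions made for illustration; the remote check uses the standard DNSBL query convention (reversed address labels prepended to the list's zone).

```python
import ipaddress
import socket
from enum import Enum

class Mode(Enum):
    LOCAL_THEN_REMOTE = 1  # default order: local DB first, RBL on a miss
    LOCAL_ONLY = 2         # RBL round trip too slow for this protocol
    REMOTE_ONLY = 3        # data changes too quickly for a local cache

# Hypothetical per-protocol policy (the post does not name protocols).
POLICY = {"http": Mode.LOCAL_ONLY, "smtp": Mode.LOCAL_THEN_REMOTE,
          "ssh": Mode.REMOTE_ONLY}
RBL_ZONE = "rbl.example.invalid"  # placeholder zone, not a real list

def rbl_query_name(ip, zone=RBL_ZONE):
    """Build the DNSBL query name: reversed address labels + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:  # IPv6 is queried nibble by nibble
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def dns_resolver(name):
    """Remote check: a listed address resolves, normally into 127.0.0.0/8.
    Any lookup failure is treated as 'not listed' (fail open)."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except OSError:
        return False

def is_listed(ip, protocol, local_db, resolver=dns_resolver):
    """Return (listed, source) using the local-first order from the post."""
    ip = str(ipaddress.ip_address(ip))  # normalise before comparing
    mode = POLICY.get(protocol, Mode.LOCAL_THEN_REMOTE)
    if mode is not Mode.REMOTE_ONLY and ip in local_db:
        return True, "local"           # hit: no DNS query is sent
    if mode is Mode.LOCAL_ONLY:
        return False, "local"          # miss, and remote is not allowed
    return resolver(rbl_query_name(ip)), "remote"

if __name__ == "__main__":
    # Constructed sample data using documentation address ranges.
    local = {"192.0.2.1"}
    fake = lambda name: name == "7.100.51.198." + RBL_ZONE
    for ip, proto in [("192.0.2.1", "smtp"), ("198.51.100.7", "smtp"),
                      ("198.51.100.7", "http"), ("192.0.2.1", "ssh")]:
        print(ip, proto, is_listed(ip, proto, local, fake))
```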
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Threat Intelligence database


Thanks Mike.

Errr.. please don't forget my request for rsync access to the RBL.....