
Threat Intelligence database

Posted: Sat Jun 25, 2016 12:15 pm
by faris
What does TI do these days?

"aum -u" mentions that there's a "Threat Intelligence database" update (or not, if it is up to date).

What does this database contain? What is it used for? How is it used? I thought TI was RBL based?

Re: Threat Intelligence database

Posted: Sat Jun 25, 2016 2:55 pm
by mikeshinn
There's both an RBL based component, and a local component. The local database is checked first and if an IP isn't on the local DB the remote component is checked. This varies for different protocols: for some, only the local component is used (RBL might be too slow for that protocol), and for others only the remote component is used if the database changes too quickly for a local cache to be useful. The local TI also contains any third party caches, in the same way.
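
[Added example, not part of the original posts and not code from the product discussed: a sketch of the lookup order described in the reply above, with a per-protocol choice between local-only, remote-only and local-then-remote. The protocol names, policy mapping, zone name, fail-open behaviour and all sample addresses are assumptions constructed for illustration.]

```python
import ipaddress
from enum import Enum

class Mode(Enum):
    LOCAL_ONLY = 1         # an RBL round trip would be too slow for this protocol
    REMOTE_ONLY = 2        # data changes too quickly for a local cache to be useful
    LOCAL_THEN_REMOTE = 3  # default: local database first, RBL on a miss

# Hypothetical mapping; the thread does not say which protocol uses which mode.
POLICY = {"http": Mode.LOCAL_ONLY, "ssh": Mode.REMOTE_ONLY,
          "smtp": Mode.LOCAL_THEN_REMOTE}

def rbl_query_name(ip, zone):
    """DNSBL convention: reversed IPv4 octets prepended to the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listed(ip, protocol, local_db, resolve, zone="rbl.example.invalid"):
    """Return (listed, source). resolve(name) is True when the name resolves.

    A real resolver could wrap socket.gethostbyname and treat socket.gaierror
    (an OSError) as "not listed"; it is injected here so the example runs offline.
    """
    mode = POLICY.get(protocol, Mode.LOCAL_THEN_REMOTE)
    if mode is not Mode.REMOTE_ONLY and ip in local_db:
        return True, "local"
    if mode is Mode.LOCAL_ONLY:
        return False, "local"      # never leave the box for this protocol
    try:
        return bool(resolve(rbl_query_name(ip, zone))), "remote"
    except OSError:
        # Assumption: fail open when the resolver breaks, and record that the
        # verdict came from an error so it can be logged and alerted on.
        return False, "remote-error"

# Constructed sample data (documentation address ranges, reserved zone name).
LOCAL_DB = {"192.0.2.10"}
REMOTE_LISTED = {"7.100.51.198.rbl.example.invalid"}

def fake_resolve(name):
    return name in REMOTE_LISTED

if __name__ == "__main__":
    for ip, proto in [("192.0.2.10", "smtp"), ("198.51.100.7", "smtp"),
                      ("198.51.100.7", "http"), ("192.0.2.10", "ssh")]:
        print(ip, proto, is_listed(ip, proto, LOCAL_DB, fake_resolve))
```

Returning the source alongside the verdict lets logs distinguish a local-cache hit from a remote hit or a resolver failure when reviewing why a connection was allowed or blocked.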

Re: Threat Intelligence database

Posted: Thu Jun 30, 2016 12:20 pm
by faris
Thanks Mike.

Errr.. please don't forget my request for rsync access to the RBL.....