Threat Intelligence database

Posted: Sat Jun 25, 2016 12:15 pm
by faris
What does TI do these days?

"aum -u" mentions that there's a "Threat Intelligence database" update (or not, if it is up to date).

What does this database contain? What is it used for? How is it used? I thought TI was RBL based?

Re: Threat Intelligence database

Posted: Sat Jun 25, 2016 2:55 pm
by mikeshinn
There's both an RBL based component, and a local component. The local database is checked first and if an IP isn't on the local DB the remote component is checked. This varies for different protocols: for some only the local component is used (RBL might be too slow for that protocol), and for others only the remote component is used if the database changes too quickly for a local cache to be useful. The local TI also contains any third party caches, in the same way.
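
The lookup order described in the post above, as an added example (not part of the thread and not the product's own code). It assumes the remote component follows the conventional DNSBL query format (reversed IPv4 octets prepended to a zone); the zone name, the protocol-to-mode mapping and the sample addresses are constructed placeholders.

```python
import ipaddress
import socket
from enum import Enum

class Mode(Enum):
    LOCAL_THEN_REMOTE = 1   # default: local DB first, RBL on a local miss
    LOCAL_ONLY = 2          # RBL too slow for this protocol
    REMOTE_ONLY = 3         # data changes too fast for a local cache

# Hypothetical policy: the thread does not say which protocol uses which mode.
POLICY = {"http": Mode.LOCAL_ONLY, "smtp": Mode.LOCAL_THEN_REMOTE,
          "ssh": Mode.REMOTE_ONLY}

ZONE = "rbl.example.invalid"                            # placeholder zone
SAMPLE_LOCAL = {"192.0.2.10"}                           # constructed local DB
SAMPLE_REMOTE = {"7.100.51.198.rbl.example.invalid"}    # constructed RBL entries

def rbl_query_name(ip, zone):
    """Conventional DNSBL name: 198.51.100.7 -> 7.100.51.198.<zone>."""
    addr = ipaddress.IPv4Address(ip)        # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def dns_listed(name):
    """Live resolver: any A record means listed. Lookup errors and
    timeouts are treated as 'not listed', so this check fails open."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def check_ip(ip, protocol, local_db, zone, resolver=dns_listed):
    """Return 'local', 'remote' or None according to the protocol's mode."""
    mode = POLICY.get(protocol, Mode.LOCAL_THEN_REMOTE)
    if mode is not Mode.REMOTE_ONLY and ip in local_db:
        return "local"                      # local hit short-circuits the RBL
    if mode is not Mode.LOCAL_ONLY and resolver(rbl_query_name(ip, zone)):
        return "remote"
    return None

def offline_resolver(name):
    """Stand-in for DNS so the example runs without network access."""
    return name in SAMPLE_REMOTE

if __name__ == "__main__":
    for ip, proto in [("192.0.2.10", "smtp"), ("198.51.100.7", "smtp"),
                      ("198.51.100.7", "http"), ("192.0.2.10", "ssh")]:
        print(ip, proto, check_ip(ip, proto, SAMPLE_LOCAL, ZONE, offline_resolver))
```
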

Re: Threat Intelligence database

Posted: Thu Jun 30, 2016 12:20 pm
by faris
Thanks Mike.

Errr.. please don't forget my request for rsync access to the RBL.....

Re: Threat Intelligence database

Posted: Sun Oct 22, 2023 11:17 pm
by Advika
Hi Guys,
This system's hybrid approach, utilizing both local and remote components, offers flexibility in addressing different protocols and scenarios. By prioritizing the local database for performance-critical or stable protocols and leveraging the remote component for rapidly changing data, it optimizes efficiency and adaptability. Additionally, integrating third-party caches into the local threat intelligence further enhances its versatility. This well-balanced design ensures effective threat detection and response across various network conditions and requirements.