What does TI do these days?
"aum -u" mentions that there's a "Threat Intelligence database" update (or not, if it is up to date).
What does this database contain? What is it used for? How is it used? I thought TI was RBL based?
Threat Intelligence database
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4152
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Threat Intelligence database
There's both an RBL based component, and a local component. The local database is checked first and if an IP isn't on the local DB the remote component is checked. This varies for different protocols, for some only the local component is used (RBL might be too slow for that protocol), and for others only the remote component is used if the database changes too quickly for a local cache to be useful. The local TI also contains any third party caches, in the same way.
Michael Shinn
Atomicorp - Security For Everyone
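The lookup order described in the reply above, as an added example that is not Atomicorp's code or part of the original post: a per-protocol policy decides whether the local database, the remote RBL, or local-then-remote is consulted. The protocol names, the policy mapping, the zone `rbl.example.invalid` and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
import socket
from enum import Enum

class Policy(Enum):
    LOCAL_ONLY = 1         # remote lookup would be too slow for this protocol
    REMOTE_ONLY = 2        # data changes too quickly for a local cache
    LOCAL_THEN_REMOTE = 3  # local first, remote only on a local miss

# Assumed mapping for illustration; the thread does not name the protocols.
POLICIES = {"http": Policy.LOCAL_ONLY, "ssh": Policy.REMOTE_ONLY,
            "smtp": Policy.LOCAL_THEN_REMOTE}

def rbl_query_name(ip, zone):
    """Build the conventional DNSBL query name: reversed IPv4 octets + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def dns_listed(name):
    """Live resolver: a listed address resolves, an unlisted one does not.
    Resolver errors also return False, so a DNS outage fails open."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def make_checker(local_db, listed=dns_listed, zone="rbl.example.invalid"):
    """Return check(ip, protocol) -> 'local', 'remote' or None."""
    def check(ip, protocol):
        policy = POLICIES[protocol]
        if policy is not Policy.REMOTE_ONLY and ip in local_db:
            return "local"
        if policy is not Policy.LOCAL_ONLY and listed(rbl_query_name(ip, zone)):
            return "remote"
        return None
    return check

# Constructed sample data (documentation address ranges), no network needed.
LOCAL_DB = {"192.0.2.10"}
REMOTE_ZONE = {"7.100.51.198.rbl.example.invalid"}
check = make_checker(LOCAL_DB, listed=lambda name: name in REMOTE_ZONE)

if __name__ == "__main__":
    for ip, proto in [("192.0.2.10", "smtp"), ("198.51.100.7", "smtp"),
                      ("198.51.100.7", "http"), ("192.0.2.10", "ssh")]:
        print(ip, proto, check(ip, proto))
```

The last two sample calls show the policy effect: an address listed only remotely is missed under a local-only protocol, and an address held only locally is missed under a remote-only one.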
Re: Threat Intelligence database
Thanks Mike.
Errr.. please don't forget my request for rsync access to the RBL.....
Re: Threat Intelligence database
Hi Guys,
This system's hybrid approach, utilizing both local and remote components, offers flexibility in addressing different protocols and scenarios. By prioritizing the local database for performance-critical or stable protocols and leveraging the remote component for rapidly changing data, it optimizes efficiency and adaptability. Additionally, integrating third-party caches into the local threat intelligence further enhances its versatility. This well-balanced design ensures effective threat detection and response across various network conditions and requirements.
Last edited by Advika on Sun Oct 22, 2023 11:17 pm, edited 1 time in total.