Threat Intelligence database

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am


What does TI do these days?

"aum -u" mentions that there's a "Threat Intelligence database" update (or not, if it is up to date).

What does this database contain? What is it used for? How is it used? I thought TI was RBL based?
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4152
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Threat Intelligence database


There's both an RBL-based component and a local component. The local database is checked first, and if an IP isn't on the local DB the remote component is checked. This varies for different protocols: for some only the local component is used (RBL might be too slow for that protocol), and for others only the remote component is used if the database changes too quickly for a local cache to be useful. The local TI also contains any third party caches, in the same way.
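
Added example, not part of the post above and not Atomicorp's code: a sketch of the local-first, remote-fallback lookup with a per-protocol mode. The protocol-to-mode mapping, the zone `rbl.example.invalid`, the sample addresses and the injected `remote_lookup` callable are all assumptions made for illustration; the query name uses the conventional DNSBL reversed-address form.

```python
import ipaddress
from enum import Enum

class Policy(Enum):
    LOCAL_ONLY = 1         # remote list too slow for this protocol
    REMOTE_ONLY = 2        # data changes too fast for a local cache
    LOCAL_THEN_REMOTE = 3  # default: local DB first, then the RBL

# Hypothetical mapping; the thread does not say which protocol uses which mode.
PROTOCOL_POLICY = {"http": Policy.LOCAL_ONLY, "ssh": Policy.REMOTE_ONLY,
                   "smtp": Policy.LOCAL_THEN_REMOTE}
RBL_ZONE = "rbl.example.invalid"  # placeholder zone, not a real service

def dnsbl_name(ip, zone=RBL_ZONE):
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def is_listed(ip, protocol, local_db, remote_lookup):
    """Return (listed, source). remote_lookup(name) is True when the name
    resolves; in production it would wrap a DNS query with a short timeout."""
    policy = PROTOCOL_POLICY.get(protocol, Policy.LOCAL_THEN_REMOTE)
    addr = str(ipaddress.ip_address(ip))  # normalise; raises ValueError on garbage
    if policy is not Policy.REMOTE_ONLY and addr in local_db:
        return True, "local"
    if policy is not Policy.LOCAL_ONLY and remote_lookup(dnsbl_name(addr)):
        return True, "remote"
    return False, None

# Constructed sample data (documentation address ranges), so the block runs offline.
SAMPLE_LOCAL = {"192.0.2.10"}                  # local DB plus third-party caches
SAMPLE_REMOTE = {dnsbl_name("198.51.100.7")}   # names the fake RBL "resolves"

def sample_remote_lookup(name):
    return name in SAMPLE_REMOTE

if __name__ == "__main__":
    for ip, proto in [("192.0.2.10", "smtp"), ("198.51.100.7", "smtp"),
                      ("198.51.100.7", "http"), ("192.0.2.10", "ssh")]:
        print(ip, proto, is_listed(ip, proto, SAMPLE_LOCAL, sample_remote_lookup))
```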
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Threat Intelligence database


Thanks Mike.

Errr.. please don't forget my request for rsync access to the RBL.....
Advika
New Forum User
Posts: 1
Joined: Sun Oct 22, 2023 11:16 pm

Re: Threat Intelligence database


Hi Guys,
This system's hybrid approach, utilizing both local and remote components, offers flexibility in addressing different protocols and scenarios. By prioritizing the local database for performance-critical or stable protocols and leveraging the remote component for rapidly changing data, it optimizes efficiency and adaptability. Additionally, integrating third-party caches into the local threat intelligence further enhances its versatility. This well-balanced design ensures effective threat detection and response across various network conditions and requirements.
Last edited by Advika on Sun Oct 22, 2023 11:17 pm, edited 1 time in total.