
New alarm: Abuse.ch SSLBL SSL Certificate Blacklist #126

Open
fastlorenzo opened this issue Nov 20, 2020 · 2 comments
Labels
alarm Related to RedELK alarms elkserver Related to RedELK server components enhancement New feature or request

Comments

@fastlorenzo
Collaborator

Create new alarm for Abuse.ch SSLBL SSL Certificate Blacklist

@MarcOverIP
Member

The question is what do we check and compare to the blacklist. Right now, RedELK has no config option or automated way of knowing the certificate used in the operation. This should be included as well before we can check against a blacklist.

Getting that info is prolly not straightforward. Also, the chance of a red team ops cert being marked by abuse.ch is small (they mostly collect certs from bigger malware/worms/cryptolockers/etc.). So this alarm should be regarded as low priority for now.
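As an added illustration of what the check itself would involve (example code written for this thread, not part of RedELK): fingerprint the operation's certificate the way SSLBL lists it, as the SHA1 of the DER encoding, and look it up in the SSLBL CSV. The CSV column layout is an assumption and the sample certificates and feed are constructed, so no real X.509 parsing is needed.

```python
import base64
import csv
import hashlib
import re

# Assumption: SSLBL's CSV export has '#' comment lines and three columns:
# listing date, SHA1 fingerprint of the DER certificate, listing reason.
SAMPLE_SSLBL_CSV = """# abuse.ch SSLBL (constructed sample, not the live feed)
# Listingdate,SHA1,Listingreason
2020-11-20 10:00:00,{fp},ConstructedReason
"""

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and base64-decode to the DER bytes SSLBL hashes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))

def sha1_fingerprint(pem: str) -> str:
    """SSLBL-style fingerprint: lowercase hex SHA1 of the DER encoding, no colons."""
    return hashlib.sha1(pem_to_der(pem)).hexdigest()

def normalize_fp(fp: str) -> str:
    """Accept 'AB:CD:..' (openssl x509 -fingerprint output) or bare hex."""
    return fp.replace(":", "").strip().lower()

def load_sslbl(csv_text: str) -> dict:
    """Map fingerprint -> (listing date, reason), skipping comment lines."""
    rows = (ln for ln in csv_text.splitlines() if ln and not ln.startswith("#"))
    return {normalize_fp(r[1]): (r[0], r[2]) for r in csv.reader(rows) if len(r) >= 3}

def check_cert(pem: str, csv_text: str):
    """Return (listing date, reason) if the cert is on SSLBL, else None."""
    return load_sslbl(csv_text).get(sha1_fingerprint(pem))

# Constructed sample "certificates": arbitrary bytes in PEM armour so the
# fingerprint logic runs offline; they are not real X.509 certificates.
def _fake_pem(payload: bytes) -> str:
    body = base64.encodebytes(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

LISTED_CERT = _fake_pem(b"constructed-listed-cert")
CLEAN_CERT = _fake_pem(b"constructed-clean-cert")
SSLBL_FEED = SAMPLE_SSLBL_CSV.format(fp=sha1_fingerprint(LISTED_CERT).upper())

if __name__ == "__main__":
    print(check_cert(LISTED_CERT, SSLBL_FEED))  # ('2020-11-20 10:00:00', 'ConstructedReason')
    print(check_cert(CLEAN_CERT, SSLBL_FEED))   # None
```

In a real alarm the PEM would come from the operator-supplied certificate path the comment above says RedELK still lacks, and the feed from a periodic download of the SSLBL CSV.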

@fastlorenzo fastlorenzo added the enhancement New feature or request label May 14, 2021
@fastlorenzo fastlorenzo added elkserver Related to RedELK server components alarm Related to RedELK alarms labels May 27, 2021
@MarcOverIP MarcOverIP added this to To Do in v2.0.0-beta.6 via automation Jan 17, 2022
@MarcOverIP MarcOverIP added this to the v2.0.0-beta.6 milestone Jan 24, 2022
@MarcOverIP MarcOverIP removed this from To Do in v2.0.0-beta.6 Jun 30, 2022
@MarcOverIP
Member

After discussion with @fastlorenzo we are moving this out of the beta6 milestone, lower prio.

@MarcOverIP MarcOverIP removed this from the v2.0.0-beta.6 milestone Aug 19, 2022