Matteo Lodi
Matteo Lodi
yep that makes sense. However, before assigning you this issue, it is important that the other issues you are assigned to are completed.
sorry for the late answer, I am AFK these days, I'll get back as soon as I can on this
Tim, when I checked that I noticed that there were some identical commands here: They are dated March so I am not sure whether this was fixed. In any case,...
it is empty. My speculation is that the deduplication does not happen sometimes because we dont always have the closing event from cowrie and the code did the deduplication there....
I guess you are right, I wanted to experiment with the honeynet servers which seem to be sometimes faulty. I still can't have access to Kibana but this problem needs...
theoretically with the change implemented [here](https://github.com/intelowlproject/GreedyBear/pull/540/files), that should not happen.
First step has been implemented here: https://github.com/intelowlproject/GreedyBear/pull/541
At the first extraction of those mass scanners, the number of filtered IPs went from ~240 to more than 2.5k out of ~800k IP.
@regulartim The mass scanners filter is now working properly :) I also noticed that there are some IP addresses that are not listed there but that still belong to other...
About that, in the "likely to recur list", I found basically all the onyphe.net IP addresses (http://dixon.probe.onyphe.net/ip-ranges.txt), I am filtering them too. I also found others from Censys and Shodan....