Miroslav Stampar
Well, there is no such "option" :). In your place I would do the rsync and/or backup on a daily basis (e.g. cron job at 23:50 or more frequently) that...
Looks cool, but the idea of Maltrail was to give you some usable (condensed) data and not some "cyber-warfare" panel :))
A) `https://reputation.alienvault.com/reputation.generic` is already being used. Original idea was to rely only on open sources, while the `/api/` requires extra steps. Also, `alienvault` is known for lots of noise, so...
Nice idea :). Will do
No. You can whitelist the IP address (or domain name) in several ways, but you can't whitelist it for specific "trails".
I'll leave this issue open for potential future implementation
It was my original intention. Will try to implement it soon (in less than a week)
Well, it waits for the first next SYN (TCP connection attempt) at the sensor after the port scanning. Basically, if you do any kind of connection attempt afterwards it will...
@15w34r0n3D4y please update to the latest revision. Now the "flushing" part (of port scanning heuristics) should occur much more often (on any sniffed packet)
Most probably memory related. How much RAM do you have there?