maltrail
Malicious traffic detection system
With the current list of nodes Tor traffic is never recognized. I propose to change the list and use the pfblockerng list to find all IPs of all nodes in...
So...I have this which I'd like to whitelist: ~~~ May 1 13:28:01 CEF: 0|Maltrail|sensor|0.56|2023-04-30|long domain (suspicious)|1|src=*.*.*.* spt=10717 dst=*.*.*.* dpt=53 trail=(e0d67c50a7e624febcb2fe3f88c2aa.baas).nintendo.com ref=(heuristic) ~~~ I added nintendo.com to my maltrail.conf (USER_WHITELIST ./whitelist.txt),...
It can be challenging to find out what has been connecting to the domains or IP detected by the sensor. Using something like packetbeat helps, but it requires something else...
Just wanted to report an issue with the Maltrail login page. When viewing Maltrail on a mobile device and being presented with the login page the following is shown below...
Maltrail user in OPNsense here. I have noticed when loading Maltrail an error is displayed in the browser:- Content Security Policy: The page’s settings blocked the loading of a resource...
I get a lot of events each day just from mass scans, which makes it hard to filter out the more useful events. Would it be possible to ignore any...

Add malicious IP CobaltStrike beacon: Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_CobaltStrikeBeacon.csv
@stamparm Please verify the list. I'm not sure a couple of records are related to dyn-dns. If OK to move to `suspicious\domain.txt` -- will move.
It would be nice if, from the GUI, when we right-click an item, there were an option "add to user_whitelist". This option would remove the entry from the logs and add it to the user whitelist.