- May 11, 2013
Hello Guys,
I am looking for an IP harvester, specifically to build a rogue IP list based upon the Symantec Endpoint Protection log.
Right now SEP is collecting IP addresses based upon connection and system rules.
Some are flagged as allowed because of legit protocols and some are blocked by the rule set as rogue attempts.
Now some of these IP addresses are truly bad as I have checked some of the Severity 10 alerts.
Given the findings I would very much like a program that can fetch these S-10 blocks and add them to a separate txt file so I can use that file as a system wide blacklist.
* And NO, I am not going through over a million log entries to scan by hand.
Even a script would do fine... but it needs the ability to run non-intrusively for an unlimited time.
So any suggestions or ideas are very much welcome.
Cheers
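Added example (not from the poster or from Symantec): a small Python script that does the harvesting described above. It assumes the SEP traffic log has been exported as CSV with a header row, and the column names in the constants below (Severity, Action, Remote Host IP) are assumptions that must be adjusted to match the real export. The sample rows are constructed for illustration, not real SEP output. It keeps only rows with the requested severity and a "Blocked" action, skips anything inside your own address ranges (so an internal host tripping a rule cannot end up in a system-wide blacklist), and appends only IPs that are not already in the list, so it can be run from cron or Task Scheduler indefinitely without growing duplicates.

```python
"""Harvest remote IPs from Severity-10 'Blocked' rows of a SEP traffic log
export and merge them into a plain-text blacklist (one IP per line)."""
import csv
import io
import ipaddress
from pathlib import Path

# Assumed column names of the CSV export; change these to match the real file.
SEVERITY_COL = "Severity"
ACTION_COL = "Action"
REMOTE_IP_COL = "Remote Host IP"

# Address ranges that must never be blacklisted (assumed site-internal ranges,
# plus loopback and link-local). Extend with your own public ranges if needed.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10",
)]

# Constructed sample export for demonstration; not real SEP output.
SAMPLE_LOG = """\
Event Time,Severity,Action,Local Host IP,Remote Host IP,Remote Port,Rule
2013-05-10 08:14:02,10,Blocked,10.0.0.15,203.0.113.45,445,Block SMB inbound
2013-05-10 08:14:09,10,Blocked,10.0.0.15,203.0.113.45,445,Block SMB inbound
2013-05-10 08:15:31,5,Allowed,10.0.0.15,198.51.100.7,443,Allow HTTPS
2013-05-10 08:16:00,10,Blocked,10.0.0.15,10.0.0.99,135,Block RPC inbound
2013-05-10 08:17:45,10,Blocked,10.0.0.16,198.51.100.200,3389,Block RDP inbound
2013-05-10 08:18:10,10,Allowed,10.0.0.16,192.0.2.10,80,Allow HTTP
2013-05-10 08:19:00,10,Blocked,10.0.0.16,not-an-ip,22,Block SSH inbound
"""


def is_internal(ip):
    """True if the address falls inside one of INTERNAL_NETS."""
    return any(ip in net for net in INTERNAL_NETS)


def harvest(text, severity="10", action="Blocked"):
    """Return the set of external remote IPs from rows matching severity and action."""
    found = set()
    for row in csv.DictReader(io.StringIO(text)):
        if (row.get(SEVERITY_COL) or "").strip() != severity:
            continue
        if (row.get(ACTION_COL) or "").strip().lower() != action.lower():
            continue
        raw = (row.get(REMOTE_IP_COL) or "").strip()
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue  # malformed field: skip it rather than poison the list
        if is_internal(ip):
            continue  # an internal host hitting a rule is noise, not a rogue
        found.add(ip)
    return found


def parse_blacklist(text):
    """Parse an existing blacklist body: one IP per line, '#' starts a comment."""
    existing = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            existing.add(ipaddress.ip_address(line))
        except ValueError:
            pass  # ignore junk lines instead of failing the whole run
    return existing


def new_entries(existing_text, harvested):
    """IPs from harvested that are not already in the blacklist, sorted."""
    known = parse_blacklist(existing_text)
    return sorted((ip for ip in harvested if ip not in known),
                  key=lambda ip: (ip.version, int(ip)))


def merge_blacklist(path, harvested):
    """Append only new IPs to the blacklist file; return how many were added."""
    path = Path(path)
    existing_text = path.read_text() if path.exists() else ""
    to_add = new_entries(existing_text, harvested)
    if to_add:
        with path.open("a") as f:
            f.write("".join(f"{ip}\n" for ip in to_add))
    return len(to_add)


if __name__ == "__main__":
    # Replace SAMPLE_LOG with open("traffic_export.csv").read() in real use.
    ips = harvest(SAMPLE_LOG)
    added = merge_blacklist("rogue_ips.txt", ips)
    print(f"{len(ips)} candidate IPs, {added} new entries written")
```

Before trusting the output, spot-check a few harvested addresses against the original log entries and confirm the export's column names and severity representation; a mismatched column silently yields an empty list rather than an error. Keeping the internal-range exclusion is the check most worth not removing: a blacklist applied system-wide that contains one of your own gateways is a self-inflicted outage.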