MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [blog] banner is enough

pull/76/head
Alexandre Dulaunoy 2023-02-23 16:36:44 +01:00
parent cf56ce0028
commit 8f4c412368
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 0 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/blog/MISP-fail2ban-integration.md
View File

@ -19,8 +19,6 @@ So far, so good, so known.
The question is, why should we stop there? We could easily (seriously!) push those offending IP addresses into a MISP, share the information with the world and keep those bloody attackers out of way more machines than only the one we run fail2ban on.
Or we can use the collected information for correlation purposes and for retrospective views in forensic investigations.
![An example output in MISP from a fail2ban automatic import](/assets/images/fail2ban-misp.png)
If a MISP server is reachable, production machines can use this immediately to feed the Thread Sharing platform.
And we can also easily set up a honeypot, and don't tolerate any invalid login attempt. Block it immediately, share it immediately.