...

Extreme_Log
This feed is designed to log potentially malicious indicators that are too low confidence to include in the Extreme Block list. This feed is not appropriate for most uses, and is not recommended unless your specific environment has a unique need. Use at your own risk. It is a companion to the Extreme Block feed.

FarsightNOD
Provides an incremental layer of defense to combat malware exfiltration, brand abuse, and spam-based attacks which originate or terminate at newly-launched domains.

High_Block
This is a best practice feed to block possibly risky sites, and is for environments where it is more important to block potentially malicious behavior than it is to avoid blocking the occasional non-malicious site. This is primarily used in environments where behavior is predictable, like server farms, point-of-sale terminals, etc. It is a companion to the High Log feed.

...

Low_Log
This is a best practice feed to log potentially malicious sites for organizations that are more concerned about accidental blocks than allowing the occasional threat. This is a companion to the Low Block feed.

Malware_DGA
Domain generation algorithms (DGAs) are algorithms seen in various families of malware that periodically generate a large number of domain names that can be used as rendezvous points with their command and control servers. Examples include Ramnit, Conficker, and Banjori.

...

Sanctions_IP
You may choose to block this feed based on company policy. Contains IPs assigned to United States sanctioned countries listed by the US Treasury Office of Foreign Assets Control (OFAC). The Treasury Department’s Office of Foreign Assets Control (OFAC) administers and enforces economic sanctions imposed by the United States against foreign countries. More information can be found on the “Sanctions Programs and Country Information” page: https://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx. This feed includes Geo IP data provided by MaxMind.

Sanctions -High
You may choose to block this feed based on company policy. Contains IPs assigned to United States high-risk sanctioned IP (Embargoed).
The US OFAC Sanctions IP feed can be blocked based on company policy. The feed blocks nations that are embargoed (Cuba, Iran, Myanmar, North Korea, Syria, and Venezuela).

Sanctions-High
The US OFAC Sanctions High IP feed can be blocked based on company policy. This feed blocks all of the nations in the embargoed list, plus the following: Belarus, Cambodia, Central African Republic, China, Democratic Republic of Congo, Iraq, Libya, Macao, Russia, and Yemen. Contains IPs assigned to United States high-risk sanctioned countries listed by the US Treasury Office of Foreign Assets Control (OFAC). The Treasury Department's Office of Foreign Assets Control (OFAC) administers and enforces economic sanctions imposed by the United States against foreign countries. More information can be found on the "Sanctions Programs and Country Information" page: https://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx. This feed includes Geo IP data provided by MaxMind.

Sanctions-Med
The US OFAC Sanctions High IP feed can be blocked based on company policy. This feed blocks all of the nations included in the embargoed and high lists, plus the following: Lebanon, Somalia, South Sudan, Sudan, and Zimbabwe. Contains IPs assigned to United States medium and high-risk sanctioned countries listed by the US Treasury Office of Foreign Assets Control (OFAC). The Treasury Department's Office of Foreign Assets Control (OFAC) administers and enforces economic sanctions imposed by the United States against foreign countries. More information can be found on the "Sanctions Programs and Country Information" page: https://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx. This feed includes Geo IP data provided by MaxMind.

...

TOR_Exit_Node_IP
Tor exit nodes are the gateways where encrypted Tor traffic hits the Internet. This means an exit node can be used to monitor Tor traffic (after it leaves the onion network). The Tor network is designed so that the source of that traffic is difficult to determine.

US OFAC Sanctions IP (Embargoed)
The US OFAC Sanctions IP feed can be blocked based on company policy. The feed blocks nations that are embargoed (Cuba, Iran, Myanmar, North Korea, Syria, and Venezuela). 

US OFAC Sanctions High IP
The US OFAC Sanctions High IP feed can be blocked based on company policy. This feed blocks all of the nations in the embargoed list, plus the following: Belarus, Cambodia, Central African Republic, China, Democratic Republic of Congo, Iraq, Libya, Macao, Russia, and Yemen. 

US OFAC Sanctions Medium IP
The US OFAC Sanctions High IP feed can be blocked based on company policy. This feed blocks all of the nations included in the embargoed and high lists, plus the following: Lebanon, Somalia, South Sudan, Sudan, and Zimbabwe.