Cisco Umbrella Top 1M Domains List
This page provides guidelines for installing the Cisco Umbrella Top 1M Domains List app in Trisul Network Analytics.
The app creates a Domain Topper Counter that can be used in NSM to train the spotlight on the least common domains seen in your network traffic.
Some of the uses are:
- Visibility - To know the usage patterns outside the Top-1M in your enterprise.
- Detect Outliers - To detect rare domains, those created by DGA, typically used by malware.
- Iterative - To add a white-list based on your enterprise and fine-tune this list.
- To install this app, log on as admin, then select the app from Web Admin > Manage > Apps > Umbrella Top1M.
- Post install, run the 'installfeed.sh' script to keep the FireHOL list updated as shown below.
Pre-Requisites
You need to install a few packages, namely:
- Luajit - apt install luajit.
- Unzip - apt install unzip.
- Libleveldb - apt install libleveldb1v5.
Installing the Feed
- You must run the 'installfeed.sh' script in this folder to download the Umbrella-Top-1M list and keep it updated.
- Run the following commands:
# curl -O https://raw.githubusercontent.com/trisulnsm/apps/master/analyzers/umbrella-top-1m/installfeed.sh
# bash ./installfeed.sh
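The outlier check described in the list of uses at the top, as an added illustration that is not the Trisul app's own code: it flags observed names that fall outside a top-domains list and an enterprise white-list. The rank,domain CSV layout, the sample rows, the white-list and all function names are assumptions constructed for this example.

```python
import csv
import io

# Constructed sample in an assumed rank,domain layout (not real ranks).
SAMPLE_TOP_LIST = "1,google.com\n2,microsoft.com\n3,com\n4,windowsupdate.com\n5,cdn.example.net\n"
# Constructed enterprise white-list and observed DNS names.
SAMPLE_WHITELIST = {"intranet.corp.example"}
SAMPLE_OBSERVED = ["www.google.com", "GOOGLE.com.", "ctldl.windowsupdate.com",
                   "xkqjzpwvhb.com", "mail.intranet.corp.example",
                   "a.cdn.example.net", "example.net"]


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def load_top_list(text):
    """Parse rank,domain rows into a set of normalized domains."""
    domains = set()
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[0].strip().isdigit():
            domains.add(normalize(row[1]))
    return domains


def is_known(name, known):
    """True if name, or a parent suffix of it, is in known.

    Only suffixes with at least two labels are compared, so a bare TLD
    entry such as "com" cannot make every name under it look common.
    """
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in known for i in range(len(labels) - 1))


def rare_domains(observed, top, whitelist=frozenset()):
    """Return (name, hits) for names outside both lists, most frequent first."""
    counts = {}
    for name in observed:
        if not is_known(name, top) and not is_known(name, whitelist):
            key = normalize(name)
            counts[key] = counts.get(key, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for name, hits in rare_domains(SAMPLE_OBSERVED, load_top_list(SAMPLE_TOP_LIST), SAMPLE_WHITELIST):
        print(hits, name)
```

A listed subdomain does not cover its parent here: "example.net" is reported even though "cdn.example.net" is in the sample list.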