cisco_umbrella_top-1m_domains_list
Differences
This shows you the differences between two versions of the page.
— | cisco_umbrella_top-1m_domains_list [2020/04/01 16:37] (current) – created navaneeth | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Cisco Umbrella Top 1M Domains List ====== | ||
+ | |||
+ | This app helps with providing guidelines for installing Cisco Umbrella Top 1M Domains List app in Trisul Network Analytics. | ||
+ | |||
+ | ** | ||
+ | To create a Domain Topper Counter that can be used in NSM to train the spotlight on least common domains seen in your network traffic. | ||
+ | ** | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Some of the uses can be | ||
+ | |||
+ | - Visibility - To know the usage patterns outside the Top-1M in your enterprise. | ||
+ | - Detect Outliers - To detect rare domains, those created by DGA, typically used by malware. | ||
+ | - Iterative - To add white-list based on your enterprise and fine tune this list. | ||
+ | |||
+ | < | ||
+ | |||
+ | ===== Installing ===== | ||
+ | |||
+ | * To install this App logon as admin, then select App from //Web Admin > Manage > Apps > Umbrella Top1M//. | ||
+ | {{: | ||
+ | * Post install , Run the ' | ||
+ | |||
+ | **Pre-Requisites** | ||
+ | You need to install a few packages namely | ||
+ | * Luajit - apt install luajit. | ||
+ | * Unzip - apt install unzip. | ||
+ | * Libleveldb - apt install libleveldb1v5. | ||
+ | |||
+ | < | ||
+ | |||
+ | ===== Installing the Feed ===== | ||
+ | |||
+ | * You must run the ' | ||
+ | * Run the following command, | ||
+ | |||
+ | < | ||
+ | #bash ./ | ||
+ | </ | ||
+ | |||
+ | <note important> | ||
+ | |||
+ | ===== Viewing Data ===== | ||
+ | |||
+ | This APP adds a new counter group called ' | ||
+ | |||
+ | - Go to //Retro > Retro Counters.// | ||
+ | - Select a desired Time-frame and select ' | ||
+ | |||
+ | {{: | ||
+ | |||
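Review bot: In the code block under "Installing the Feed", the command is written as "#bash ./" with the prompt character fused to the command, so a reader who pastes the line into a shell gets a comment and nothing runs. Separate the prompt from the command or drop it, and state in the prose which user the script has to run as. The "Pre-Requisites" list also sits after the step that tells the reader to run the script post install. Moving it above that step, and naming the distribution release the versioned package "libleveldb1v5" comes from, would let the steps be followed top to bottom. In the intro, "This app helps with providing guidelines" describes the page rather than the app, and should say what the app itself does.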
+ | |||
cisco_umbrella_top-1m_domains_list.txt · Last modified: 2020/04/01 16:37 by navaneeth