Enable Open Source & Commercial Feeds with a single click!
Alert on IOCs using Suricata.
Suricata offers the capability to alert on 10's of Thousands of Indicators of Compromise including IPs, Domains, Hashes & more!, IDSTower enables you to do this with no effort!
IOC Management UI
Control Enabled Indicators via the Indicators Management Interface, set score, Enable, disable & investigate.
Control what is alerted on
Control the indicators you want Suricata to alerts you on via the Indicators Alerting Settings page.
Full Suricata Integration
IDSTower will configure Suricata to alert on the Enabled Indicators & will update Suricata with the new Indicators automatically without you having to configure anything.
14 (and more!) Integrated Feed.
IDSTower comes integrated 14 (more coming!) Open Source & commercial feeds that both covers IDS Rules and Indicators of Compromise, just click on Enable and IDSTower will do the rest!
Industry Standard Feeds pre-integrated, with Custom feeds support, including TAXII/SITX & MISP feeds.
Emerging Threats, abuse.ch Feodo Tracker, abuse.ch SSLBL Botnet C2, abuse.ch ThreatFox, Secureworks and more!, now can be enabled with a single click.
You can also add custom TAXII/STIX (2.0 & 2.1), MISP and generic (text, csv, json) feeds to IDSTower to import IOCs and push them to Suricata.
Built-In IOCs Life Cycle Management
IDSTower will download, parse, ingest, score & auto-expire indicators, all automatically, while still giving you the control on all of these steps when needed.
Built-In Rules Life Cycle Management
IDSTower will download, parse, ingest, enable new rule revisions, expire old rules revisions and merge all of the tunning you did to the old revisions to the new ones, all automatically.
Control update frequency, import behavior & scores
You can configure the feeds settings via the Feeds Management page, control things like update frequency, assigned indicators scores, expireation date, import behavior and more!.
