Botnet Command and Control Traffic Monitor (10050 / 20050)
This Module monitors traffic originating from, or directed to, known Command and Control (C&C) hosts. The list of C&C host IP addresses is obtained from the list published by Emerging Threats (http://www.emergingthreats.net/):
The Module reports all communications between internal hosts and hosts on the C&C list, and provides consolidated information about these communications over a time interval. The observation interval (T, sec) is configurable.
Use the External Data Feeder for NFO component for the initial load and periodic updates of this threat list.
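
The matching and per-interval consolidation described above can be sketched as follows. This is an added example, not the Module's own code. The flow record layout, the internal address range, the `consolidate` function and the sample addresses (documentation ranges) are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation address ranges), not a real threat list.
CNC_HOSTS = {"203.0.113.7", "198.51.100.23"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: internal address space

# Constructed flow records: (epoch_sec, src_ip, dst_ip, bytes)
FLOWS = [
    (1000, "10.1.1.5", "203.0.113.7", 420),     # internal host -> C&C
    (1012, "203.0.113.7", "10.1.1.5", 1800),    # C&C -> internal host
    (1030, "10.1.1.9", "192.0.2.80", 900),      # destination not on the list
    (1055, "10.1.1.5", "203.0.113.7", 380),     # next interval when T = 60
    (1065, "10.2.0.4", "198.51.100.23", 64),    # second internal host
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def consolidate(flows, cnc_hosts, t_sec):
    """Group C&C-related flows per (interval start, internal host, C&C host)."""
    report = defaultdict(lambda: {"flows": 0, "bytes_out": 0, "bytes_in": 0})
    for ts, src, dst, nbytes in flows:
        if dst in cnc_hosts and is_internal(src):
            host, cnc, direction = src, dst, "bytes_out"
        elif src in cnc_hosts and is_internal(dst):
            host, cnc, direction = dst, src, "bytes_in"
        else:
            continue  # neither endpoint pairs an internal host with a listed one
        window = ts - ts % t_sec  # start of the observation interval T
        entry = report[(window, host, cnc)]
        entry["flows"] += 1
        entry[direction] += nbytes
    return dict(report)

if __name__ == "__main__":
    for key, stats in sorted(consolidate(FLOWS, CNC_HOSTS, 60).items()):
        print(key, stats)
```

A longer T merges more flows into a single consolidated record per host pair; a shorter T reports the same communications sooner but in more records.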