Where will you find the reputation IP database, if you want to monitor traffic from known bad IP reputation using OSSIM SIEM?
The reputation IP database for OSSIM SIEM can be found in the /etc/ossim/server/reputation.data file. This file contains information about the reputation of known IP addresses, which is crucial for monitoring traffic from known bad IP addresses.
D is correct.
/etc/ossim/server/reputation.data
The IP reputation list maintained by USM Appliance is stored on the USM Appliance Server in the /etc/ossim/server/reputation.data file. Activity, Reliability, and Priority values provided by OTX are saved with event information for those events having reputation data for either source or destination IP addresses. https://cybersecurity.att.com/documentation/usm-appliance/otx/using-otx-in-usm.htm
The answer is D. Module 4 pg 461
information about the reputation of known IP addresses, which can be used to monitor traffic from known bad IP reputations and aid in security monitoring and incident response. LETTER D
/etc/ossim/server/reputation.data