Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Are any of your organizations trusted network assets behaving as TOR relays, bridges, or devices?

To find out, enable Spectre Lumeta to ingest NetFlow v9 (or netflow from a similar flow-collection infrastructure and also enable a threat intelligence feed containing TOR intelligence data such as iDefense.

Note: The standard Spectre Lumeta requirements are not inclusive of this integration. Additional storage may be required to index a TOR feed.

Configure the TOR feed as follows:

  1. On SpectreLumeta's main menu, browse to Settings > Integrations > Open Source Feeds > TOR.
  2.  Enable the threat feed by sliding the toggle button to On.


  3. Input a Polling Interval to indicate the time that should elapse between fetching the latest feed data. Input 24 to poll daily,, for example, of 12 to poll twice a day,.
  4. Click Submit
    Feed is configured.