You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
Are any of your organizations trusted network assets behaving as TOR relays, bridges, or devices?
To find out, enable Spectre to ingest NetFlow v9 (or netflow from a similar flow-collection infrastructure and also enable a threat intelligence feed containing TOR intelligence data such as iDefense.
Note: The standard Spectre requirements are not inclusive of this integration. Additional storage may be required to index a TOR feed.
Configure the TOR feed as follows: