Are any of your organization's trusted network assets behaving as TOR relays, bridges, or devices?
To find out, enable Asset Manager to ingest NetFlow (or netflow from a similar flow-collection infrastructure and also enable a threat intelligence feed containing TOR intelligence data such as iDefense.
Note: The standard Asset Manager requirements are not inclusive of this integration. Additional storage may be required to index a TOR feed.
Configure the TOR feed as follows:
- On the Asset Manager toolbar, navigate to Settings > Integrations > TOR.
- Enable the threat feed by sliding the toggle button to On.
- Input a Polling Interval to indicate the time that should elapse between fetching the latest feed data.
- Click Submit.