View Source

Are any of your organizations trusted network assets behaving as TOR relays, bridges, or devices?

To find out, enable Lumeta to ingest NetFlow v9 (or netflow from a similar flow-collection infrastructure and also enable a threat intelligence feed containing TOR intelligence data such as iDefense.

Note: The standard Lumeta requirements are not inclusive of this integration. Additional storage may be required to index a TOR feed.

Lumeta Enterprise Edition > TOR > image2017-6-14_9-2-17.png

Configure the TOR feed as follows:

On Lumeta's main menu, browse to Settings > Integrations > Open Source Feeds > TOR.
Enable the threat feed by sliding the toggle button to On.
Input a Polling Interval to indicate the time that should elapse between fetching the latest feed data. Input 24 to poll daily,, for example, of 12 to poll twice a day,.
Click Submit.
Feed is configured.