Project Description

*** Use at your own risk ***

Enigma is a bash script that parses known suspicious email sender addresses, email subjects, email attachment file names, suspicious files, IP addresses, domains, requested URLs, URL file names, top requested news feeds, suspicious user agent strings, and suspicious MD5 file hashes from open-source and custom closed-source intelligence feeds.  Enigma also calculates entropy (a measure of the randomness of the possible outcomes) over the relevant data it parses, for advanced heuristic detection within ArcSight.  All parsed data is then brought into ArcSight via CEF syslog.  Please refer to the enigma-X.Y-changeLog file for the changes made or features introduced in the relevant Enigma release.

***NOTE: Ensure the open source intel (OSI) sites are not being blocked by an access control component (i.e. proxy, firewall) and that text and csv files are not blocked from being downloaded.  Future builds will be fully ported to Perl as time permits me.
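The two mechanisms described above, an entropy score over a parsed indicator and hand-off to ArcSight as a CEF syslog line, can be shown in a short POSIX shell example.  This is added illustration, not Enigma's own code: the vendor/product/version header fields, the signature ID `100`, the `cs1` extension field used to carry the score, and the 3.5 bits-per-character threshold are all assumed values chosen for the example, and the two sample domains are constructed.

```shell
#!/bin/sh
# Added example (not Enigma's own code): score a string's Shannon entropy and
# emit a CEF event the way a feed parser could hand an indicator to ArcSight.

# Shannon entropy of the string in $1, in bits per character, to 3 decimals.
# The value is passed through the environment so awk does not reinterpret backslashes.
shannon_entropy() {
  S="$1" awk 'BEGIN {
    s = ENVIRON["S"]; n = length(s)
    if (n == 0) { print "0.000"; exit }
    for (i = 1; i <= n; i++) count[substr(s, i, 1)]++
    h = 0
    for (c in count) { p = count[c] / n; h += p * log(p) }
    h = -h / log(2)
    if (h == 0) h = 0          # normalise -0.0 to 0.0 for printing
    printf "%.3f\n", h
  }'
}

# Escape a value for the CEF extension field: backslash and equals sign.
cef_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/=/\\=/g'
}

# Build one CEF line. Vendor, product, version and the cs1 field are assumed values.
# $1 = signature id, $2 = event name, $3 = severity (0-10), $4 = destination host, $5 = entropy
cef_event() {
  printf 'CEF:0|Enigma|Enigma|1.0|%s|%s|%s|dhost=%s cs1Label=entropy cs1=%s\n' \
    "$1" "$2" "$3" "$(cef_escape "$4")" "$5"
}

# Entropy threshold (3.5 bits/char) is an assumed example value, not Enigma's.
ENTROPY_THRESHOLD=3.5

# Prints a CEF line for a domain whose entropy exceeds the threshold and returns 0;
# returns 1 (and prints nothing) otherwise.
flag_domain() {
  h=$(shannon_entropy "$1")
  if awk -v h="$h" -v t="$ENTROPY_THRESHOLD" 'BEGIN { exit !(h > t) }'; then
    cef_event 100 "High-entropy domain" 5 "$1" "$h"
    return 0
  fi
  return 1
}

# Constructed sample input: a readable domain and a DGA-looking one.
for d in example.com q7x2kp9zv4mw8rt.net; do
  flag_domain "$d" || printf 'below threshold: %s (entropy %s)\n' "$d" "$(shannon_entropy "$d")"
done
```

In a deployment the `cef_event` output would be piped to `logger` (or whatever syslog client the host uses) so the ArcSight connector receives it; the threshold should be tuned against the site's own benign traffic, since readable domains of ordinary length already score around 3 bits per character.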

Thank you, Rashaad Steward

Last edited Sep 13, 2011 at 12:13 PM by rstew, version 13