
Creation of EDLs from IoT Domain files generated by honeypot team - manual #27

Open
punisherVX opened this issue Jun 25, 2018 · 0 comments
Labels: customer request, enhancement (New feature or request), help wanted (Extra attention is needed), sfn

Comments

punisherVX (Contributor) commented Jun 25, 2018

When the honeypot team gives us a list of bad IoT domains/IPs, we will need to append these to the current EDL.

First iteration can be a manual script-run, upload to EDL.

Ticket #28: IoT Safe Networking Processing -- Domains

We need to add to SN the ability to identify IoT C2 activity via DNS that we have learned from our Honeypots.

High level requirements include

  • creation of EDLs from IoT Domain files generated by honeypot team. First instance of this could be manual but long term could include Minemeld work to keep the EDL updated
  • identify the EDL event from the FW vs. the Threat events from DNS db or WF as these events will need special processing
  • storing of the malware family and associated domains in the SN database. This will need to be created from the text files created from the Honeypot team today. Sample file here:
    https://paloaltonetworks.box.com/s/halb8utfbtm8k319lvc6bn6xred44hni
  • creation of new reports to showcase IoT activity
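The following is an added worked example of the "manual script-run" first iteration described above; it is not code from this repository or from the issue author. The linked sample file is not visible here, so the input format is an assumption: one `<malware_family>,<domain-or-ip>` row per line, with `#` comments and blank lines ignored. The script validates each indicator, routes domains and IP ranges to separate lists (PAN-OS EDLs are typed, so a domain list and an IP list must be published as separate files), appends only entries not already in the current EDL, and collects the family-to-indicator mapping that the issue wants stored in the SN database. All function and file names (`build_edls`, `iot_domain_edl.txt`, `iot_ip_edl.txt`) are hypothetical.

```python
"""Build PAN-OS EDL files from a honeypot indicator file (added example).

Assumed input format (the real sample file is not visible here):
    <malware_family>,<domain-or-ip>
Blank lines and lines starting with '#' are ignored.
"""
import ipaddress
import re
from collections import defaultdict

# Hostname check: dotted labels of [a-z0-9-], no leading/trailing hyphen, alphabetic TLD.
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)((?!-)[a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$")

# Constructed sample of a honeypot hand-off (not real telemetry).
HONEYPOT_FILE = """\
# family,indicator  (constructed sample)
mirai,Cnc.Example-Botnet.Net.
mirai,198.51.100.23
hajime,update.example-iot.org
mirai,cnc.example-botnet.net
gafgyt,203.0.113.0/24
gafgyt,not a domain
hajime,192.0.2.300
"""

# Constructed contents of the EDLs already published to the firewall.
EXISTING_DOMAIN_EDL = ["old-c2.example.com", "update.example-iot.org"]
EXISTING_IP_EDL = ["192.0.2.10"]


def normalize(indicator):
    """Lower-case and drop a trailing dot so duplicates compare equal."""
    return indicator.strip().lower().rstrip(".")


def classify(indicator):
    """Return 'ip' for an address or CIDR range, 'domain' for a hostname, else None.
    PAN-OS EDLs are typed (IP list vs. domain list), so each entry must go to the right file."""
    try:
        ipaddress.ip_network(indicator, strict=False)
        return "ip"
    except ValueError:
        pass
    return "domain" if _DOMAIN_RE.match(indicator) else None


def parse_honeypot_file(text):
    """Return (lineno, family, indicator, kind) rows; kind is None for rows that fail
    validation so the operator can review them instead of publishing garbage."""
    rows = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        family, sep, indicator = line.partition(",")
        if not sep:
            rows.append((lineno, family.lower(), line, None))
            continue
        ind = normalize(indicator)
        rows.append((lineno, family.strip().lower(), ind, classify(ind)))
    return rows


def merge_edl(existing, new_entries):
    """Append new entries to an existing EDL, keeping order and skipping duplicates.
    Returns (merged_list, added_list)."""
    merged = [normalize(e) for e in existing]
    seen = set(merged)
    added = []
    for entry in new_entries:
        if entry not in seen:
            seen.add(entry)
            merged.append(entry)
            added.append(entry)
    return merged, added


def build_edls(text, existing_domains, existing_ips):
    """Split validated rows into domain/IP EDLs, a family -> indicators map for the
    database, and the rejected rows."""
    by_family = defaultdict(set)
    domains, ips, rejected = [], [], []
    for lineno, family, ind, kind in parse_honeypot_file(text):
        if kind is None:
            rejected.append((lineno, ind))
            continue
        by_family[family].add(ind)
        (domains if kind == "domain" else ips).append(ind)
    domain_edl, new_domains = merge_edl(existing_domains, domains)
    ip_edl, new_ips = merge_edl(existing_ips, ips)
    return {
        "domain_edl": domain_edl,
        "ip_edl": ip_edl,
        "added": new_domains + new_ips,
        "families": {f: sorted(v) for f, v in by_family.items()},
        "rejected": rejected,
    }


if __name__ == "__main__":
    result = build_edls(HONEYPOT_FILE, EXISTING_DOMAIN_EDL, EXISTING_IP_EDL)
    # One file per EDL type; these are what the firewall fetches (file names hypothetical).
    with open("iot_domain_edl.txt", "w") as f:
        f.write("\n".join(result["domain_edl"]) + "\n")
    with open("iot_ip_edl.txt", "w") as f:
        f.write("\n".join(result["ip_edl"]) + "\n")
    print("added:", result["added"])
    print("rejected rows:", result["rejected"])
```

Rejected rows are surfaced rather than dropped because a malformed line in a domain EDL causes the firewall to skip that entry (and in some cases the whole refresh), so the manual run should fail loudly before the upload. Later, when MineMeld takes over the refresh, the same validation and family mapping can sit in front of its output node.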