Monday, April 6, 2015

QRadar - Threat Intelligence on the Cheap - The Code

Ever thought of a way to get get threat intelligence information for your QRadar on the cheap. Here it is, I'm making your life and or job easier :-).

Basically this script goes out to a few websites and download lists of suspected bad IPs and Domains. From this list I then compile one list for IPs and one for DNS. 

Once I have the above lists, I then create 2 reference sets in QRadar to import the data.

Once the script runs for the first time, you will need to create your QRadar rules manually. This post addresses that issue.


P.S. Point to note is the quality of this list is dependent on the people who are putting it out. I give no warranty or am I vouching for the list. These IPs should be used as a starting point of your investigation, not the ultimate decision as to whether something good or bad has happened.



#!/usr/bin/env python
# This is code is designed to download list of known bad IPs and domains
# Once the lists have been downloaded, 2 reference sets are created
# 1 for IPs and 1 for domains
# Manual creation of QRadar rules are then done. These rules are then run against these
# list to identify known bad IPs and Domain
#
# SecurityNikThreatIntel.py v1.0
# Author: Nik Alleyne, CISSP|GCIH|A < nikalleyne at gmail.com >
# Date: 2015-02-25
# Disclaimer: In no way am I responsible for any damages which you may
# cause to your system by running this script.

from os import uname, path, system, remove, getcwd
from shutil import rmtree,copytree
from subprocess import call
from sys import exit
from time import sleep


# This function checks to see if this script is running on Linux.
def check_os():
    qRadar_path = '/opt/qradar/conf/'
    qRadar_ver = '/opt/qradar/bin/myver'

    print(' Checking OS ... ')
    if ( uname()[0] == 'Linux' ) or ( uname()[0] == 'linux'):
        #print(' Running on Linux ... ')
       
        if ( path.exists('/etc/system-release') and path.isfile('/etc/system-release') ):
            call(['cat', '/etc/system-release'])
        else:
            print('\n Looks like you are running Linux. ')
            print('\n However, I am unable to determine your version info. ')
       
        print(' \n Looking for an installed version of QRadar')
        if ( path.exists(qRadar_path) and ( path.isdir(qRadar_path)) ):
            print(' \n looks like you are running QRadar version ... ')
            call([qRadar_ver])
            print(' \n Good stuff ... \n Blast off =>>>>>>> ')
        else:
            print(' An installed version of QRadar was not found on your system ')
            print(' This script will not work for you, it was designed to be used on box running IBM QRadar ')
            print(' Exiting ... ')
            exit(0)
       
        sleep(2)
    else:
        print(' Running this is a waste of your time. ')
        print(' This script is SPECIFICALLY for QRadar ')
        exit(0)


# This function downloads a list of known bad IPs and
def grab_ip_list():
    ip_path = ''
    bad_ip_list =    ['http://malc0de.com/bl/IP_Blacklist.txt' ,
                     'http://talosintel.com/feeds/ip-filter.blf',
                    'http://malc0de.com/bl/IP_Blacklist.txt',
                    'http://www.malwaredomainlist.com/hostslist/ip.txt',
                    'https://zeustracker.abuse.ch/blocklist.php?download=badips' ,
                    'http://www.spamhaus.org/drop/drop.txt',
                    'http://www.spamhaus.org/drop/edrop.txt',
                    'http://www.spamhaus.org/drop/drop.lasso',
                    'http://www.okean.com/chinacidr.txt' ,
                    'http://myip.ms/files/blacklist/general/latest_blacklist.txt' ,
                    'http://myip.ms/files/blacklist/csf/latest_blacklist.txt' ,
                    'http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt' ,
                    'http://rules.emergingthreats.net/blockrules/compromised-ips.txt' ,  
                    'http://feeds.dshield.org/block.txt' ,
                    'http://feeds.dshield.org/top10-2.txt',
                    'http://www.dshield.org/feeds/topips.txt'
                    'https://feodotracker.abuse.ch/blocklist/?download=ipblocklist',
                    'https://palevotracker.abuse.ch/blocklists.php?download=ipblocklist' ,
                    'https://zeustracker.abuse.ch/blocklist.php?download=badips' ,
                    ]


    # Check to see if ip_tmp/ folder exists - This folder stores the files a the first download.
    # Basically this will determine if its the first time the script is being run
    if ( path.exists('.ip_tmp/') and (path.isdir('.ip_tmp/')) ):
        ip_path = '.ip_tmp_path/'
    else:
        ip_path = '.ip_tmp/'

    try:
        print(' Preparing to download list of bad IP addresses ')
        for link in bad_ip_list:
            print(link)
            call(['wget', link, '--directory-prefix='+ip_path , '--tries=2', '--continue', '--timestamping', '--timeout=5', '--random-wait', '--no-proxy', '--inet4-only'])
            print(' \n  %s \n retrieved successfully \n' %link )
            sleep(2)
    except:
        print(' A problem occurred while downloading IP information from %s ' %link )
        print(' This link may be broken. Please copy the URL and paste into a browser to ensure it is accessible')
    else:
        # Looks like all went well
        print(' \n Looks like we have some baddddd IPs! ')



# This fuction download the list of malicious and or suspected domains
# DO NOT add entry to this list unless you are sure what you are doing
# These files are in different formats, thus may need to be manipulated the files individually

def grab_dns_list():
    dns_path = ''
    bad_dns_list =    [ 'http://www.joewein.net/dl/bl/dom-bl.txt',
                       'http://www.joewein.net/dl/bl/dom-bl-base.txt',
                       'http://mirror1.malwaredomains.com/files/immortal_domains.txt',
                       'http://mirror1.malwaredomains.com/files/dynamic_dns.txt',
                       'https://zeustracker.abuse.ch/blocklist.php?download=baddomains',
                       'http://www.malwaredomainlist.com/hostslist/hosts.txt',
                       'http://malc0de.com/bl/BOOT',
                       'http://malc0de.com/bl/ZONES'
                    ]

    if ( path.exists('.dns_tmp') and (path.isdir('.dns_tmp')) ):
        dns_path = '.dns_tmp_path'
    else:
        dns_path = '.dns_tmp'

    try:
        print(' Preparing to download list of bad Domain  ')
        for dns in bad_dns_list:
            print(dns)
            call(['wget', dns, '--directory-prefix='+dns_path , '--tries=2', '--continue', '--timestamping', '--timeout=5', '--random-wait', '--no-proxy', '--inet4-only'])
            print(' \n  %s \n retrieved successfully \n' %dns )
            sleep(2)
    except:
        print(' A problem occurred while downloading DNS information from %s ' %dns )
        print(' This link may be broken. Please copy the URL and paste into a browser to ensure it is accessible')
    else:
        # Looks like all went well
        print(' \n Looks like we have some baddddd domains! ')


# Checking the directories to see if the last run added new info
def compare_ip_dirs():
    print(' Checking if there is need for an update .... ')

    #first check to see if .ip_tmp_path exists
    if ( path.exists('.ip_tmp_path') and (path.isdir('.ip_tmp_path')) ):
        print(' Give me just a few seconds more')
        sleep(2)
  
        if ( int(path.getsize('.ip_tmp')) <= int(path.getsize('.ip_tmp_path')) ):
            print(' \n Looks like new content is available ')
            # copying new content in .ip_tmp_path to .ip_tmp
            try:
                rmtree('.ip_tmp')
                copytree('.ip_tmp_path','.ip_tmp')
            except:
                print(' Failed to copy new data ... ')
                print(' Exiting ... ')
                exit(0)
            else:
                print(' Successfully moved new data')
        else:
            print(' Nothing new was added ... ')
            print(' Exiting ... ')
            exit(0)
    else:
        print(' This is first run ... \n moving on ... ')

    sleep(2)


# Comparing the DNS folders to see if new content may have been added
def compare_dns_dirs():
    print(' Checking if there is need for an update .... ')
  
    #first check to see if .ip_tmp_path exists
    if ( path.exists('.ip_tmp_path') and (path.isdir('.ip_tmp_path')) ):
        print(' Give me just a few seconds more')
        sleep(2)
       
        if ( int(path.getsize('.ip_tmp')) <= int(path.getsize('.ip_tmp_path')) ):
            print(' \n Looks like new content is available ')
           
            # copying new content in .dns_tmp_path to .dns_tmp
            try:
                rmtree('.dns_tmp')
                copytree('.dns_tmp_path','.dns_tmp')
            except:
                print(' Failed to copy new data ... ')
                print(' Exiting ... ')
                exit(0)
            else:
                print(' Successfully moved new data')              
        else:
            print(' Nothing new was added ... ')
            print(' Exiting ... ')
            exit(0)
    else:
        print(' This is first run ... \n moving on ... ')
        sleep(2)


# Now that the files have been successfully downloaded, let's combine them all
def combine_ip_files():
    print(' \n Checking for .ip_tmp folder ... ')
    sleep(2)
    if ( path.exists('.ip_tmp') and path.isdir('.ip_tmp') ):
        print(' directory .ip_tmp/ found ')
        system('cat .ip_tmp/* | grep --perl-regexp --only-matching "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}" | sort -i | uniq --unique --check-chars=15 > SecurityNikBadIPs.txt')
       
        if ( path.exists('SecurityNikBadIPs.txt') and path.isfile('SecurityNikBadIPs.txt') ):
            print(' Successfully created file SecurityNikBadIPs.txt ')
        else:
            print(' Unable to create SecurityNikBadIPs.txt file ')
            print(' The program will now exit ... Exiting ... ')
            exit(0)
    else:
        print(' \n ip_tmp/ directory not found ')
        print(' Unable to continue ... Exiting!')
        exit(0)


# This function manipulates the downloaded DNS files, so that all can be placed into one standard file
def combine_dns_files():
    print(' Combining DNS files ')
    if ( path.exists('.dns_tmp') and  path.isdir('.dns_tmp') ):
        print(' directory .dns_tmp/ found ')
        try:
            print(' Combining downloaded files into .... ')
            system('cat .dns_tmp/dom-bl.txt > .SecurityNikBadDomains.txt')
            system('cat .dns_tmp/dom-bl-base.txt >> .SecurityNikBadDomains.txt')
            system("cat .dns_tmp/hosts.txt | awk  '/127.0.0.1/ { print $2 }'  >> .SecurityNikBadDomains.txt")
            system('cat .dns_tmp/immortal_domains.txt | grep -i -P "This is a list|^$" -v >> SecurityNikBadDomains.txt')
            system('cat .dns_tmp/BOOT | grep -i PRIMARY | cut -f 2 -d " " | grep -i -v -P "ibm\.com" -v >> .SecurityNikBadDomains.txt')
            system('cat .dns_tmp/dynamic_dns.txt | grep -P -v "^#|^$" | cut -f 1 -s >> .SecurityNikBadDomains.txt')
            system('cat .dns_tmp/blocklist.php\?download\=baddomains | grep -P -v "^#|^$" >> .SecurityNikBadDomains.txt')
            system('cat .SecurityNikBadDomains.txt | sort -i | uniq --unique > SecurityNikBadDomains.txt')
       
        except:
            print(' Looks like an error occurred while combining the files')
            print(' Please retry later ... \n Exiting ... ')
            exit(0)
        else:
            print(' files successfully combined ')
            print(' A list of known bad domains can be found in SecurityNikBadDomains.txt')
            remove('.SecurityNikBadDomains.txt')

    else:
        print(' \n dns_tmp/ directory not found ')
        print(' The program will now exit ... Exiting ... ')
        exit(0)




# This function does all the work for the IP reference set
def verify_create_ip_reference_set():
    reference_set_name = 'SecurityNik_IP_Darklist'
    ip_txt = getcwd()+'/SecurityNikBadIPs.txt'
    rows = []
  
    print('Checking to see if the reference set %s already exists' %reference_set_name)
    f =open('.count.txt', 'w')
    call(["psql", "-U", "qradar", "--command=SELECT COUNT(*) FROM reference_data WHERE name='SecurityNik_IP_Darklist'"], stdout=f )
    f.close()

    # Resting ... I'm tired
    sleep(2)
  
    f = open('.count.txt', 'r')
       
    for line in f.readlines():
        rows.append(line.strip())
    #print(rows)
  
    if (rows[2].strip() != '0'):
        print(' Looks like reference set already exists \n ')
    else:
        print(' Reference Set %s not found ...  %reference_set_name ')
        print(' Looks like we will have to create this bad boy ...')
       
        try:  
            call(['/opt/qradar/bin/ReferenceSetUtil.sh', 'create', reference_set_name , 'IP'])
            print(' Successfully created reference set %s \n ' %reference_set_name )
            #print(' Looks like that went well ... ' )
        except:
            #This does not catch any java exception that may be created
            print(' Error occurred while creating reference set %s ' %reference_set)
            print(' You may create the reference set %s manually if needed ' %reference_set_name )
            exit(0)

    print(' Loading information into reference set %s ' %reference_set_name )
    try:  
        call(['/opt/qradar/bin/ReferenceSetUtil.sh', 'load', reference_set_name , ip_txt ])
        print(' \n You may need to verify that you have rules created to use %s ' %reference_set_name )
    except:
        print(' An error occurred while loading the reference set ... ')
        print(' Please retry later!')
        exit(0)
    remove('.count.txt')


# This function creates the DNS reference set
def verify_create_dns_reference_set():
    reference_set_name = 'SecurityNik_DNS_Darklist'
    dns_txt = getcwd()+'/SecurityNikBadDomains.txt'
    dns_rows = []
  
    print('Checking to see if the reference set %s already exists' %reference_set_name)
    f = open('.count.txt', 'w')
    call(["psql", "-U", "qradar", "--command=SELECT COUNT(*) FROM reference_data WHERE name='SecurityNik_DNS_Darklist'"], stdout=f )
    f.close()

    # Taking a nap ...
    sleep(2)

    f = open('.count.txt', 'r')
    for line in f.readlines():
        dns_rows.append(line.strip())
    #print(dns_rows)

    if (dns_rows[2].strip() != '0'):
        print(' Looks like reference set already exists \n ')
    else:
        print(' Reference Set %s not found ' %reference_set_name )
        print(' Looks like we will have to create this bad boy ...')
        try:
            call(['/opt/qradar/bin/ReferenceSetUtil.sh', 'create', reference_set_name , 'ALN'])
            print(' Successfully created reference set %s ' %reference_set_name )
           
            #print(' Looks like that went well ... ' )
        except:
            # This does not catch any java exception that may be created
            print(' Error occurred while creating reference set %s ' %reference_set)
            print(' You may create the reference set %s manually if needed ' %reference_set_name )
            exit(0)
               
    print(' Loading information into reference set %s ' %reference_set_name )
       
    try:
        call(['/opt/qradar/bin/ReferenceSetUtil.sh', 'load', reference_set_name , dns_txt ])
        print(' \n You may need to verify that you have rules created to use %s ' %reference_set_name )
    except:
        print(' An error occurred while loading the reference set ... ')
        print(' Please retry later!')
        exit(0)
    remove('.count.txt')



# Main Function
def main():
    #print('You are in the main part of the code')
    call('clear')
    check_os()

    # Let's work on the IP Reference Set
    grab_ip_list()
    compare_ip_dirs()
    combine_ip_files()
    verify_create_ip_reference_set()

    # Let's work on the DNS Reference Set
    grab_dns_list()
    compare_dns_dirs()
    combine_dns_files()
    verify_create_dns_reference_set()


if __name__ == "__main__":
    main()


# End of Script



As stated above, hopefully this script makes someone else happy.

Have fun and don't forget the other posts in this series to ensure your reference set and rules are properly created.


1. The Code to download the Darklist
2. Verifying the Reference Set Creation
3. Writing the Common Rule to check for the IPs
4. Writing the Event Rule to check for the domains
5. Checking your environment for the malicious IPs and or domains.


SecurityNikThreatIntel.py
This project can also be found on github at https://github.com/SecurityNik/QRadar---Threat-Intelligence-On-The-Cheap






16 comments:

  1. what version of Qradar have you tried this on? I'm getting socket error while writing logs when it tries to load the info in to the DNS reference set.

    ReplyDelete
  2. tried on two different consoles both running 7.2.4 (but different patch levels) and got the same results. it let me import the list automatically when I converted it to a CSV though.

    ReplyDelete
  3. Can I see the error you are getting? As in can you copy and paste the text here? you can obfuscate any information which is sensitive.

    ReplyDelete
    Replies
    1. Loading information into reference set SecurityNik_DNS_Darklist
      Arg[0]: load
      Arg[1]: SecurityNik_DNS_Darklist
      Arg[2]: /root/SecurityNikBadDomains.txt
      log4j:ERROR socket error while writing logs
      log4j:ERROR socket error while writing logs
      ReferenceSetUtil caught an error : org.apache.openjpa.lib.jdbc.ReportingSQLException: Batch entry 4,607 update reference_data_element set source='command line', last_seen=current_timestamp where data=? and rdk_id = (select rdk.id from reference_data_key rdk where rdk.rd_id = (select id from reference_data where name = 'SecurityNik_DNS_Darklist')) was aborted. Call getNextException to see the cause. {prepstmnt 1897376820 update reference_data_element set source=?, last_seen=current_timestamp where data=? and rdk_id = (select rdk.id from reference_data_key rdk where rdk.rd_id = (select id from reference_data where name = ?))} [code=0, state=08006]
      org.apache.openjpa.lib.jdbc.ReportingSQLException: Batch entry 4,607 update reference_data_element set source='command line', last_seen=current_timestamp where data=? and rdk_id = (select rdk.id from reference_data_key rdk where rdk.rd_id = (select id from reference_data where name = 'SecurityNik_DNS_Darklist')) was aborted. Call getNextException to see the cause. {prepstmnt 1897376820 update reference_data_element set source=?, last_seen=current_timestamp where data=? and rdk_id = (select rdk.id from reference_data_key rdk where rdk.rd_id = (select id from reference_data where name = ?))} [code=0, state=08006]
      at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.wrap(LoggingConnectionDecorator.java:219)
      at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.wrap(LoggingConnectionDecorator.java:207)
      at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.access$1200(LoggingConnectionDecorator.java:59)
      at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator$LoggingConnection$LoggingPreparedStatement.executeBatch(LoggingConnectionDecorator.java:1215)
      at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeBatch(DelegatingPreparedStatement.java:247)
      at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeBatch(DelegatingPreparedStatement.java:247)
      at org.apache.openjpa.jdbc.kernel.JDBCStoreManager$CancelPreparedStatement.executeBatch(JDBCStoreManager.java:1783)
      at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeBatch(DelegatingPreparedStatement.java:247)
      at com.q1labs.core.dao.referencedata.light.ReferenceDataCacheSet.updateData(ReferenceDataCacheSet.java:874)
      at com.q1labs.core.dao.referencedata.light.ReferenceDataCacheSet.addElement(ReferenceDataCacheSet.java:387)
      at com.q1labs.core.shared.referencedata.ReferenceDataManager.addToReferenceDataCollection(ReferenceDataManager.java:727)
      at com.q1labs.core.util.referenceset.ReferenceSetUtil.load(ReferenceSetUtil.java:1095)
      at com.q1labs.core.util.referenceset.ReferenceSetUtil.runProgram(ReferenceSetUtil.java:209)
      at com.q1labs.core.util.referenceset.ReferenceSetUtil.main(ReferenceSetUtil.java:92)

      You may need to verify that you have rules created to use SecurityNik_DNS_Darklist

      Delete
  4. Not sure what is going on but I just logged in
    "Last login: Tue Aug 25 04:16:01 2015 from xx.xx.xx.xx
    This server has QRadar 7.2.4.983526 installed on ...... "

    ran the script and got the following

    Checking to see if the reference set SecurityNik_IP_Darklist already exists
    Looks like reference set already exists

    Loading information into reference set SecurityNik_IP_Darklist
    Arg[0]: load
    Arg[1]: SecurityNik_IP_Darklist
    Arg[2]: /root/SecurityNikThreatIntel/SecurityNikBadIPs.txt

    You may need to verify that you have rules created to use SecurityNik_IP_Darklist
    Checking to see if the reference set SecurityNik_DNS_Darklist already exists
    Looks like reference set already exists

    Loading information into reference set SecurityNik_DNS_Darklist
    Arg[0]: load
    Arg[1]: SecurityNik_DNS_Darklist
    Arg[2]: /root/SecurityNikThreatIntel/SecurityNikBadDomains.txt

    You may need to verify that you have rules created to use SecurityNik_DNS_Darklist

    ReplyDelete
    Replies
    1. IDK, if I figure it out I'll let you know. Thanks!

      Delete
    2. I had a hard time getting the reference set to load. I found that Qradar doesn't like ':' and ';' in the text file. Also I pulled out the xn-- items until I can figure out if I need to use the Punycode or straight UTF in my environment.

      Delete
    3. Tom,
      What version are you running. I wonder how many people besides me managed to get this script working without any issues. I see the response for those who are having issues but have no idea about the people who have this working, even though this seems to be a popular post

      Delete
    4. It is version 7.2.4. The IP download and update works wonderfully. For whatever reason, the DNS blacklist was failing so I looked at the text list. Once I removed any of the ; and : and the encoded DNS entries, the list imported fine. Just weird. I started to look at the ReferenceDataUtil.sh but it just calls java and a referencedata Class. That is outside my abilities. At some point, I'll hunt down the website that has the misconfigured download and edit the script. The work to gather the data and the framework to update Qradar is there. I can comment out the DNS blacklist upload until I figure it out. Glad that you posted this. Its been a huge help!

      Delete
    5. Glad you got it to work. I don't think I have the Talos darklist as part of the script as I recently learned of this. So you should consider add this to the IP section.

      http://talosintel.com/feeds/ip-filter.blf

      Delete
  5. Thank you very much for this script. It works so fine :-)

    I promise so I do it... and thank you too for troubleshooting and rule's building!

    Julien M.

    ReplyDelete
  6. It didn't work for me :-( This is what I got. I'm running 7.2.6
    Francis

    Loading information into reference set SecurityNik_DNS_Darklist
    Arg[0]: load
    Arg[1]: SecurityNik_DNS_Darklist
    Arg[2]: /var/local/SecurityNikBadDomains.txt
    log4j:ERROR socket error while writing logs
    log4j:ERROR socket error while writing logs
    ReferenceSetUtil caught an error : org.apache.openjpa.lib.jdbc.ReportingSQLException: Batch entry 3,839 insert into reference_data_element (rdk_id,data,source,first_seen,last_seen) select rdk.id,?,'command line',current_timestamp, current_timestamp from reference_data_key rdk where rdk.rd_id = (select id from reference_data where name = 'SecurityNik_DNS_Darklist') was aborted. Call getNextException to see the cause. {prepstmnt -1320178841 insert into reference_data_element (rdk_id,data,source,first_seen,last_seen) select rdk.id,?,?,current_timestamp, current_timestamp from reference_data_key rdk where rdk.rd_id = (select id from reference_data where name = ?)} [code=0, state=08006]
    org.apache.openjpa.lib.jdbc.ReportingSQLException: Batch entry 3,839 insert into reference_data_element (rdk_id,data,source,first_seen,last_seen) select rdk.id,?,'command line',current_timestamp, current_timestamp from reference_data_key rdk where rdk.rd_id = (select id from reference_data where name = 'SecurityNik_DNS_Darklist') was aborted. Call getNextException to see the cause. {prepstmnt -1320178841 insert into reference_data_element (rdk_id,data,source,first_seen,last_seen) select rdk.id,?,?,current_timestamp, current_timestamp from reference_data_key rdk where rdk.rd_id = (select id from reference_data where name = ?)} [code=0, state=08006]
    at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.wrap(LoggingConnectionDecorator.java:219)
    at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.wrap(LoggingConnectionDecorator.java:207)
    at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.access$1200(LoggingConnectionDecorator.java:59)
    at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator$LoggingConnection$LoggingPreparedStatement.executeBatch(LoggingConnectionDecorator.java:1215)
    at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeBatch(DelegatingPreparedStatement.java:247)
    at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeBatch(DelegatingPreparedStatement.java:247)
    at org.apache.openjpa.jdbc.kernel.JDBCStoreManager$CancelPreparedStatement.executeBatch(JDBCStoreManager.java:1783)
    at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeBatch(DelegatingPreparedStatement.java:247)
    at com.q1labs.core.dao.referencedata.light.ReferenceDataCacheSet.saveData(ReferenceDataCacheSet.java:840)
    at com.q1labs.core.dao.referencedata.light.ReferenceDataCacheSet.addElement(ReferenceDataCacheSet.java:391)
    at com.q1labs.core.shared.referencedata.ReferenceDataManager.addToReferenceDataCollection(ReferenceDataManager.java:726)
    at com.q1labs.core.util.referenceset.ReferenceSetUtil.load(ReferenceSetUtil.java:1108)
    at com.q1labs.core.util.referenceset.ReferenceSetUtil.runProgram(ReferenceSetUtil.java:211)
    at com.q1labs.core.util.referenceset.ReferenceSetUtil.main(ReferenceSetUtil.java:94)

    You may need to verify that you have rules created to use SecurityNik_DNS_Darklist

    ReplyDelete
  7. Great script and thank you for improving our Security posture at our office.

    Thank you!
    Jeremy

    ReplyDelete