What is it about?
The Cyber Threat Intelligence (CTI) team at OGO maintains a mapping of the risk level of public IPv4 and IPv6 addresses.
Four categories feed into the OGO Brain's evaluation and are also available for specific configurations (Advanced/Expert Mode):
| Category | Description |
|---|---|
| Tor | Exit node IPs of the Tor network |
| VPN | Exit IPs of free and commercial VPN solutions |
| Open proxies | Exit IPs of open proxies available on the Internet |
| Malware / Botnet / Command & Control | Exit IPs of networks hosting malware, botnets, and C2 servers |
They are updated every 30 minutes based on multiple internal and external information sources.
How does the OGO Brain use it?
Default: Aggravating Factor
If an anomaly is detected, the credibility of the IP will be more strongly impacted if it belongs to a dangerous category.
The "Forbid" Mode
By enabling "Forbid", you can instruct the Brain to instantly block any traffic coming from a category if OGO’s confidence that the IP belongs to this category is higher than the Forbid min. confidence.
The confidence that an IP belongs to a category is calculated based on the number of times the IP appears across different sources for the same category.
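The sketch below is an added example, not OGO's code, showing how the default mode and the "Forbid" threshold described above interact. The page does not give the scoring formula, so the share of sources listing the IP, the 0-100 scale, the feed names and the function names are all assumptions; the addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample feeds: category -> {source name -> listed networks}.
# Addresses are documentation ranges (RFC 5737 / RFC 3849), not real indicators.
FEEDS = {
    "tor": {
        "feed_a": ["192.0.2.10/32", "2001:db8::/64"],
        "feed_b": ["192.0.2.0/28"],
        "feed_c": ["198.51.100.7/32"],
    },
    "vpn": {
        "feed_a": ["203.0.113.0/24"],
        "feed_b": ["198.51.100.0/24"],
    },
}

def category_confidence(ip, category, feeds=FEEDS):
    """Assumed formula: percentage of the category's sources that list the IP."""
    addr = ipaddress.ip_address(ip)  # accepts IPv4 and IPv6
    sources = feeds.get(category, {})
    if not sources:
        return 0.0
    hits = 0
    for networks in sources.values():
        nets = (ipaddress.ip_network(n, strict=False) for n in networks)
        # Count each source once, and only compare within the same IP version.
        if any(net.version == addr.version and addr in net for net in nets):
            hits += 1
    return 100.0 * hits / len(sources)

def decide(ip, forbid, anomaly=False, feeds=FEEDS):
    """forbid maps category -> Forbid min. confidence for categories with Forbid on."""
    scores = {c: category_confidence(ip, c, feeds) for c in feeds}
    for category, min_conf in forbid.items():
        # Strictly "higher than" the Forbid min. confidence, as the page states.
        if scores.get(category, 0.0) > min_conf:
            return "block", category
    # Default mode: the category only aggravates an anomaly that was already detected.
    if anomaly and any(s > 0 for s in scores.values()):
        return "aggravate", max(scores, key=scores.get)
    return "allow", None
```

With these constructed feeds, an address listed by two of three Tor sources is blocked at a Forbid min. confidence of 50 but not at 80, where it only aggravates a detected anomaly.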