Agent
Cyber Crime Threshold:
Recommended 150
Very Aggressive 50
Aggressive 75
Moderate 100
Tolerant 120
Recommended 150
Very Tolerant 200
Your Custom Cyber Crime
Version:
Latest
V.4
V.3
Container Image:
Intrusion Prevention Systems (IPS):
Iptables (Linux)
Checkpoint R80 (API v1.6.*) - Deprecated
Checkpoint SecureXL DoS
Fortigate
PFList (MacOS/BSD)
Cloudflare
ModSecurity
HAProxy
CSV(IP,Score)
SCP File Transfer
Sophos
Trellix
Infoblox
Forcepoint
Intrusion Detection Systems (IDS):
ModSecurity
SSH Logs
Cloudflare
Luna Project
PFList OFA List
PFList Reload Command
IPSet ACL List
IPSet Reload Command
Checkpoint API URL
Checkpoint Username
Checkpoint Password
Checkpoint Network Group
Checkpoint Policy
Checkpoint Domain
List of Gateways (comma-separated values)
Checkpoint VSX SSH connection
Checkpoint VSX SSH password
Checkpoint SecureXL Execution Command
Virtual System IDs separated by comma (CSV)
Fortigate SSH connection
Fortigate SSH password
Fortigate Execution Command
Feeds URL
Update Feeds (in min)
SSH connection
SSH password
Execution Command
Feeds URL
Update Feeds (in min)
Sophos User
Sophos Password
Sophos API URL
Script
Trellix User
Trellix Password
Trellix API URL
Trellix File List
Trellix Broker CA Bundle
Trellix CERT File
Trellix Private Key
Infoblox User
Infoblox Password
Infoblox API URL
Infoblox Group
Infoblox Policy
Infoblox Action
Infoblox Gateways
Infoblox Domains File
Forcepoint User
Forcepoint Password
Forcepoint API URL
Forcepoint Group
Forcepoint Policy
Forcepoint Action
Forcepoint Parent
Forcepoint URLS File
Cloudflare E-Mail
Cloudflare Global API Key
ModSec Ruleset
ModSec Logs
ModSec Reload Command
Host
Username
Password
HAProxy
HAProxy Logs
HAProxy Reload Command
CSV(IP,Score)
CSV Filepath
CSV Reload Command
Luna - Threat Source List
SSH Logs
Access Key
Secret Access Key
Region
Start From (in Timestamp)
Maximum Rules
Sync frequency (in minutes)
ELK Full link for Logs
How to install and run?
1. Download the script onto your target machine:
Download Install Script
2. Generate your personal OFA Config JSON and save it into the same folder:
Download config.json
3. Run the WCF Agent Docker (via docker, docker-compose or K8s)