Skip to Main Content
August 20, 2012

Project Artillery - Artillery Threat Intelligence Feed (ATIF) Launched

Written by David Kennedy
Penetration Testing Security Testing & Analysis
When we initially started Artillery, we could have never imagined how much support from the community we would receive. Since then, we have continued to add onto the Artillery project to continue to make it a better open-source product. For those unaware of what Artillery is, it is an open-source Python driven tool for making it difficult for attackers to hit your network. Attackers utilize predefined patterns in most cases for attacking systems and servers. Artillery takes advantage of that by making vulnerabilities and exposures look like they are existent when they are really not there. When the attacker goes after a given port, Artillery sends random data back to the attacker then bans them permanently. In addition to the active banning and honeypot portions of Artillery, there is also file integrity monitoring, server health checks, and hardening checks.
Today's release starts the evolution of Artillery, and the launch of Project Artillery. Project Artillery will be getting some major releases in the next few months but there is one today that we have been working on for several months. Today we launch ATIF, the Artillery Threat Intelligence Feed. ATIF is a collection of Artillery servers customized and deployed around the world. They automatically feed back attacker IP addresses instantly to the main Artillery central repository and pushed out to the main TrustedSec website. Anyone with Artillery installed will automatically pull these feeds for real-time intelligence feeds of attackers (note that this is configurable through the Artillery config). Today we release Artillery version 0.6 which now enables ATIF as well as starting your own ATIF servers. You can now place ATIF servers out on the Internet and point your other Artillery installations to them if you do not want to use the TrustedSec repositories. Completely up to you. Today marks a new day in real-time threat intelligence feeds for free, for you, and for the betterment of the information security community. This is what TrustedSec is founded upon. Some items of note, the next release 0.7 is already near completion. Not to spoil the surprises, but Artillery will support server/agent models where you can have multiple Artillery sensors deployed and reporting back to a centralized server with automatic responses. Artillery 0.7 has a built-in syslog server as well for real-time feeding. Not to spoil anymore, but Artillery will allow you to feed in multiple firewalls, operating systems, and others for automatic responses. In addition to the new release of Artillery, the attacker feeds are now supported in the Attack Scanner for Wordpress here. The pulls will automatically occur for Attack Scanner and import attacker IP addresses protecting your website realtime. For more information, visit the updated Artillery webpage here.