Ubiquiti

Review configuration options for Ubiquiti firewalls in RocketCyber

Option: What it checks

IP blacklisted by OpenProxies, IP blacklisted by OpenBL, IP blacklisted by ASL: These are IP addresses that have been labelled as malicious by different threat intelligence sources (OpenProxies, OpenBL and ASL respectively).
Emerging threats: Checks traffic against known malicious actors.
Suspicious origin IP: Checks for traffic originating from regions with a high proportion of malicious actors (e.g. Iran).
DDoS attack via NTP, DDoS attack via DNS amplifier: These are different means of attempting to bring down your network by overwhelming available resources.
Heartbleed attack: Checks for attempts to exploit the Heartbleed vulnerability, which would allow an attacker to access whatever data is in active memory on the machine.

Log Format

The expected format for Ubiquiti logs is a syslog priority, timestamp, hostname and the kernel firewall rule tag, followed by space-separated fields. For example:

<4>May 19 11:57:51 UBG-Dallas kernel: [WAN_IN-3005-A]IN=eth2 OUT=eth0 MAC=18:e8:29:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:00 SRC=96.78.75.73 DST=70.70.71.75 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=9777 DF PROTO=TCP SPT=56777 DPT=8777 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
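To show how such a line breaks down into its fields, here is a small parser written for this page (added example, not RocketCyber's or Ubiquiti's own code). It assumes the EdgeOS rule tag has the form ruleset-rulenumber-action, with A, D and R for accept, drop and reject; the sample line is constructed from the one above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the format shown above (not real traffic).
SAMPLE = ("<4>May 19 11:57:51 UBG-Dallas kernel: [WAN_IN-3005-A]IN=eth2 OUT=eth0 "
          "MAC=18:e8:29:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:00 SRC=96.78.75.73 DST=70.70.71.75 "
          "LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=9777 DF PROTO=TCP SPT=56777 DPT=8777 "
          "WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0")

# <PRI>Mon DD HH:MM:SS host kernel: [RULE_TAG]<key=value and bare flag tokens>
HEADER = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"kernel: \[(?P<rule>[^\]]+)\](?P<rest>.*)$")

ACTIONS = {"A": "accept", "D": "drop", "R": "reject"}  # assumed EdgeOS suffixes


@dataclass
class FirewallEvent:
    facility: int          # syslog PRI >> 3 (0 = kernel)
    severity: int          # syslog PRI & 7 (4 = warning)
    timestamp: str
    host: str
    rule: str              # raw tag, e.g. WAN_IN-3005-A
    fields: dict = field(default_factory=dict)   # key=value tokens (SRC, DST, DPT, ...)
    flags: set = field(default_factory=set)      # bare tokens (DF, SYN, CWR, ECE)

    def rule_parts(self):
        """Split the tag into (ruleset, rule number, action name); assumed layout."""
        ruleset, number, action = self.rule.rsplit("-", 2)
        return ruleset, number, ACTIONS.get(action, action)


def parse_ubiquiti_line(line):
    """Return a FirewallEvent for a kernel firewall log line, or None if it does not match."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    pri = int(m["pri"])
    ev = FirewallEvent(pri >> 3, pri & 7, m["ts"], m["host"], m["rule"])
    for tok in m["rest"].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            ev.fields[key] = value
        else:
            ev.flags.add(tok)
    return ev
```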