Are any of your organizations trusted network assets behaving as TOR relays, bridges, or devices?

To find out, enable Spectre to ingest NetFlow v9 (or netflow from a similar flow-collection infrastructure and also enable a threat intelligence feed containing TOR intelligence data such as iDefense.

Note: The standard Spectre requirements are not inclusive of this integration. Additional storage may be required to index a TOR feed.

Configure the TOR feed as follows:

  1. On Spectre's main menu, browse to Settings > Integrations > Open Source Feeds > TOR.
  2.  Enable the threat feed by sliding the toggle button to On.

  3. Input a Polling Interval to indicate the time that should elapse between fetching the latest feed data. Input 24 to poll daily,, for example, of 12 to poll twice a day,.
  4. Click Submit
    Feed is configured.