Hi,
I'm looking to see what are the options to detect and block malicious IPs and Domains that made inbound \ outbound connections per individual device on the network. This is to establish if a device was compromised in some way and to detect and block malicious connection(s) taking place. When it comes to features, what I would like to see is:
- Log IPs \ Domains per device with a timestamp upon malicious connection and when it was blocked.
- Archive logs of IPs \ Domains within a selected amount of time for detection and blocking in the future.
- Dashboard with data and metrics.
- Highlight connections to suspicious \ malicious domains in the dashboard.
- Search functionality where I can manually search if a specific IP \ Domain made a connection on my network.
- Automatically grab fresh feeds of data to keep database of malicious domains and IPs up to date.
- Store logs up to a selected amount of months or years, e.g. 3 months or 1 year.
- Automatically block connections to malicious domains \ IPs that are on the downloaded data feeds.
I'm thinking about buying an external hard drive that I would connect via USB port to store logs, so storage is not a problem. However, my hardware is relatively weak with 4 CPU cores and 8GB of DDR4 RAM. I'm looking for something more automated where I set it up and it just works, or I can occasionally do maintenance on it to review blocked domains and IPs. My initial plan was to just monitor if a malicious connection took place, but automatically blocking it would make things much easier. I'm looking for a solution that is aimed at home usage. I don't mind paying a small monthly fee if the solution does what I need with all the required features and a very up-to-date data feed; however, I would prefer something free.
Any suggestions on how I can go about it, and what are my options?