-
Notifications
You must be signed in to change notification settings - Fork 233
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add functionality to pull in REAL attack data from security system sources (Honeypot/IPS/Firewalls). #16
Comments
We could really use this feature. If we could pull from a log file that we generate, within a customize-able time period, it will help show what our systems deal with on a daily basis! |
I second this enhancement |
If you inspect the HTML on the link described here - http://datadrivensecurity.info/blog/posts/2015/Aug/mhn-machinations-r-python-javascript/ - there's a gd start on it (pulling live data from the MHN network). |
like your project and would like to ask for something if possible , rather than using random ip , can you make it reads a csv file that contain source attacker , target ip and source country and target country? would be amazing if it's possible |
So, I've pretty much got a working version of this now. I made a few mods to this project to suit my needs and trimmed down most of the options.(i took out most of the formatting, sounds, etc.,). I was looking to display live attack data on a dashboard. They key is a node.js app i wrote which serves up the map web page, listens on 514 for incoming messages, pulls IP addresses out of the message, performs an ip-geolookup, and sends that data to the browser, where the arcs are drawn. The idea was that you can send any syslog data at it, and it will map the IP's it sees. For my project, all the destination IP's are always my datacenter, so I have that as a static destination for all the arcs. For that reason, I put the bubbles at the source, not the destination. You could mess with the logic a bit and feed it live source and destination if you choose. Disclaimer: First javascript and html I've written, so excuse any formatting or logic errors. Also, pretty new to github, so hopefully everything is set up right. I did have a working version which parsed log files as I built this. I had trouble slowing it down when running it in javascript. I think this works better - I wrote a powershell script which I've included in the project test folder which will parse a csv file for IP Addresses, and send it over a socket 514 to your node instance. The powershell script has a throttle in it. Alternately, the node app could be reworked to read a file. |
Josh - You rock! This is perfect. I will try this out and give you some feedback. I agree on making a buffer on the attack map server. |
Hello,
It would be awesome to add functionality of this attack map so that the map displays real attack data from security system sources such as Honeypots, Intrusion Prevention Systems, Intrusion Detection Systems, and Firewalls that we run on our network.
The text was updated successfully, but these errors were encountered: