Working with Data

Organize all that Data!

At some point the c-Champions will need to provide technical resources to the network engineers and stakeholder managers. This section of the Toolkit lists cyber threat hunting tools for the technical analysts within stakeholder organizations. Below is a series of links, each with a short description, to tools used to organize and visualize the data gathered from honeypots.

https://github.com/aplura/Tango - "Tango is a set of scripts and Splunk apps which help organizations and users quickly and easily deploy honeypots and then view the data and analysis of the attacker sessions." (Aplura. (2017). aplura/Tango: Honeypot Intelligence with Splunk. Retrieved May 2, 2017, from https://github.com/aplura/Tango)

https://github.com/jedie/django-kippo - (Jedie. (2017). jedie/django-kippo: Django App for kippo SSH Honeypot: https://code.google.com/p/kippo. Retrieved May 2, 2017, from https://github.com/jedie/django-kippo)

https://github.com/GovCERT-CZ/Wordpot-Frontend - "Wordpot-Frontend is a full featured script to visualize statistics from a Wordpot honeypot." (Govcert-Cz. (2017). GovCERT-CZ/Wordpot-Frontend. Retrieved May 2, 2017, from https://github.com/GovCERT-CZ/Wordpot-Frontend)

https://github.com/GovCERT-CZ/Shockpot-Frontend - "Shockpot-Frontend is a full featured script to visualize statistics from a Shockpot honeypot." (Govcert-Cz. (2017). GovCERT-CZ/Shockpot-Frontend. Retrieved May 2, 2017, from https://github.com/GovCERT-CZ/Shockpot-Frontend)

https://github.com/schmalle/honeyalarmg2 - (Schmalle. (2017). schmalle/honeyalarmg2: Simplified UI for showing honeypot alarms. Retrieved May 2, 2017, from https://github.com/schmalle/honeyalarmg2)

https://github.com/rubenespadas/DionaeaFR - "Front Web to Dionaea low-interaction honeypot." (Rubenespadas. (2017). rubenespadas/DionaeaFR: Dionaea Front Web. Retrieved May 2, 2017, from https://github.com/rubenespadas/DionaeaFR)

https://github.com/mfontani/kippo-stats - (Mfontani. (2017). mfontani/kippo-stats: Mojolicious app to display statistics for your kippo SSH honeypot. Retrieved May 2, 2017, from https://github.com/mfontani/kippo-stats)

https://github.com/fw42/honeymap - (Fw42. (2017). fw42/honeymap: Real-time websocket stream of GPS events on a fancy SVG world map. Retrieved May 2, 2017, from https://github.com/fw42/honeymap)

https://github.com/SneakersInc/HoneyMalt - (Sneakersinc. (2017). SneakersInc/HoneyMalt: Maltego transforms for mapping Honeypot systems. Retrieved May 2, 2017, from https://github.com/SneakersInc/HoneyMalt)

https://github.com/ayrus/afterglow-cloud - (Ayrus. (2017). ayrus/afterglow-cloud: AfterGlow Cloud is a security visualization tool which lets users upload data and visualize the data as graphs on-the-fly (part of Google Summer of Code 2012). Retrieved May 2, 2017, from https://github.com/ayrus/afterglow-cloud)

http://afterglow.sourceforge.net/ - (Raffael Marty. (2017). AfterGlow | Link Graph Visualization | Project Home. Retrieved May 2, 2017, from http://afterglow.sourceforge.net/)

https://github.com/oguzy/ovizart - "Open VİZual Analsis foR network Traffic" (Oguzy. (2017). oguzy/ovizart. Retrieved May 2, 2017, from https://github.com/oguzy/ovizart)

https://github.com/yuchincheng/HpfeedsHoneyGraph - (Yuchincheng. (2017). yuchincheng/HpfeedsHoneyGraph: HpfeedsHoneyGraph is a visualization app to visualize hpfeeds logs. Retrieved May 2, 2017, from https://github.com/yuchincheng/HpfeedsHoneyGraph)

https://github.com/hgascon/Acapulco4HNP - (Hgascon. (2017). hgascon/Acapulco4HNP: Automated Attack Community Graph Construction. Retrieved May 2, 2017, from https://github.com/hgascon/Acapulco4HNP)