[Snort-users] Logs Snort to attack map

Daniel daniel at ...17766...
Thu Jan 26 11:55:28 EST 2017


Hey,

Not sure if you are doing it „just for fun“,
but I run it in Kibana and created some dashboards, which is more flexible I think.



> Am 23.01.2017 um 16:02 schrieb Diego Brum <diego.brum at ...17765...>:
> 
> I'm working on the project https://github.com/MatthewClarkMay/geoip-attack-map and developed scripts that normalize the Snort log and send it to the attack map. I use swatch and shell scripts. I wonder if anyone cares or has a better idea.
> 
> 
> <mapattack_portfolio.png>
> 
> 
> -- 
> Diego Brum Lima Rocha
> Tecnólogo em Segurança da Informação no NTIC
> Instituto Federal de Brasília - IFB
> 61 2103-2129
> 
> 
> Policies of Perpetual Paranoia
> 
> Adopt universal IT Security policy:
> 
> 1- No network is trusted, inside or out
> 2- No user is fully trusted, anywhere
> 3- No app's native security is trusted
> 4- The bad guys are already inside
> 
> 
> "The human element is a great challenge. Even when investing
> in security technologies and solutions, if the user does not behave
> securely, every effort to protect the information will be in vain."
> 
> 
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: GnuPG v2
> 
> mQENBFczy8YBCADdYbqN5j7FkPdyJrG2uPn2gBa5QBPwL9XVBf2dDsTf8Jwg4Kbd
> yvVOuw1ode4HhsybM4DIFNJ26twEOZ6SlhDoA4ityGZodhsELyYhVH2yo7z/O7un
> hYhiks8PcVayAcBrz/lYmFWVZxav88jL0F7j3/koorZJ3nIuzyZS7txtQ/urEI6l
> jqddfRGtiP854cB2Yx9vcraxpJG/QsuDz+tvdYCr6ks+53f7PZGatXpXra6lD1f4
> 6Klx5K7VvAR3FxS9NUWClk+9Dt+oF3pgX2y5toaFOI66IlfqgIkqYmX0ryVRVgtf
> /ZgxmwPFMm6r7TsYFIISmr0Fj8qgtu0fF3F9ABEBAAG0LERpZWdvIEJydW0gTGlt
> YSBSb2NoYSA8ZGllZ28uYnJ1bUBnbWFpbC5jb20+iQE5BBMBAgAjBQJXM8vGAhsv
> BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQkjLA1OAEedsmcQgAkldRntlL
> nnMveFkfLCljYdn1WKeaWQarM9vaeR7GlLgFXXVGeTc388hb+qwvFq1KhTs0vRqN
> v00W5zeb4xbnYLVgGLVoedW8yGG19OGIMyKjf/+r8G8pKzKkxbHq+6cJRpHmrmWp
> LR2Cry8HQxg32Yg13FsjC2ttigEc6KJ05eVtO21aazGVziyrT87rjwBJ9esWFYdu
> C/TEvpyew2+kvgIOGZCl4LpGw15+E2VwGb5ohNaM21tlFcFir/eL/YXPIt2qcQ87
> PIPvX02J6GIxOtXaO1OLj4tykKIrywUcKaztL9Cu5F1xnX5PGKXTg3Qtc6gR/HBQ
> GEdJcC/rC6X7T7kBDQRXM8vGAQgArG5BbsTXNHaaoPxWp/+iir7/r55wiXkyJOPa
> Vj5Fa56fcHmjcRRqqgQwqngbABufMJkNz8+LsMo9cVSVCz0Zt7LFLTygs6GGEPeN
> piAl7bh0Y3FBotqcv1IAfUIWuFGoOYQc07+QDhoWKC4PcVMX7zeVPNgvD56WCL3H
> 00FG7xZIWz1DtY7ktAwHLKiZj+e1sFzQS0sYPrjAuGLXMawOf31+8pdNxdVyoZoH
> pAlpC2JOZET65+KSjBJWYZXWOjgRoWqzrQsFJI3NP7V0UxKzODKl1syfob/Upia0
> X8pu2/x64otgEYlSY2y2gZsaiR3jrD1SA75pisk5Zz5YGrKGfQARAQABiQI+BBgB
> AgAJBQJXM8vGAhsuASkJEJIywNTgBHnbwF0gBBkBAgAGBQJXM8vGAAoJELf5cQBP
> e8ngYiIH/RRLcHRRrxO8W+n/DHrarSN33lpUnqei1MwNgX6TaxvHQfZWt1B+CjIZ
> od2Lsanz2G4y7aKY6zQ3QCaGWxlJLxUPff+kxuQRc3f034ZCM5iDMNrmq7ccpXc1
> IjawE8+3iq8B85tTdDob4kX6bTfnBIUXe52v1GCdMz+WPpDLk5OeZYEF3QjSVneB
> pTX4dkGPSMCGHsWnN111GmSREMezXUe0m8DB3qQpmGRiA8ILsHxupovwWsR0LLat
> USR2zfZAbmxnTSlsBBx8t+fc3RhsYBQFgtA4ZduQk653xmjE9BL8M25ubwIZ2tzE
> 4IbKY5IUGnHOT5zGZPk0Q9n+6GC1CZXE8Qf9Hl3thPI2HL4ycAcXTZQVQZSv08pp
> ImRmMpHf3Y2t9trHdcpmbn/GIlh2m4/LFCIhDv8hoHK/E/oQKBXTtPt7Ftb0UFAQ
> aCElIdz4q5XlhnwJeK1R2HyA3EIDNGiVt+RD7HpV5gPsxU/+oSweb8AHtfafev/a
> 5Ijqnm/ysP7UXXLSNmi/WsFLJNqAga1OS+Py2RyOmbwekm82kjYx5av/7jaBUe5U
> lNwHGZgb7K9XKD1kq3v4s3r0rqs19J2EGbv/0mGY17Co9tWoy+bVfaEfp1lXsyRc
> IiQnJ+RwkfeVrBVUry8xq49eezozFpeWZ6Yf4ASk6Ikas18Bml4y2QjaTg==
> =5adw
> -----END PGP PUBLIC KEY BLOCK-----
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

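The normalisation step Diego describes (turn Snort's alert log into records the map can plot) as an added example in Python; this is not the original poster's swatch/shell scripts and not code from the geoip-attack-map project. The input format is Snort's real alert_fast output. The output field names (src_ip, dst_ip, sid, ...) are an assumed schema, since the map's expected input is not shown in the thread, and the sample alert lines are constructed. It also drops alerts whose source is RFC 1918 or otherwise non-routable, because GeoIP lookups on those addresses put nothing useful on a map.

```python
"""Normalise Snort alert_fast lines into JSON events for a map front end.

Added example for this thread; not code from the geoip-attack-map project
or from the original poster's swatch/shell scripts. Input is Snort's real
alert_fast format; the output field names are an assumed schema.
"""
import ipaddress
import json
import re
from typing import Dict, Iterable, List, Optional

# One alert_fast line (IPv4 only; IPv6 "addr:port" output is ambiguous and
# is left out here). Classification is optional because rules without a
# classtype omit it; ports are optional because ICMP alerts carry none.
FAST_ALERT = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)

# Addresses that cannot be geolocated meaningfully. Listed explicitly rather
# than via ipaddress's is_global, which would also reject the RFC 5737
# documentation ranges used in the constructed sample below.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]


def is_routable(addr: str) -> bool:
    """True if addr falls outside every non-routable block above."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in NON_ROUTABLE)


def parse_fast_alert(line: str) -> Optional[Dict[str, object]]:
    """Parse one alert_fast line into a flat dict, or None if it does not match."""
    m = FAST_ALERT.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": m["ts"],
        "gid": int(m["gid"]), "sid": int(m["sid"]), "rev": int(m["rev"]),
        "msg": m["msg"],
        "classification": m["cls"],          # None when the rule has no classtype
        "priority": int(m["prio"]),
        "proto": m["proto"],
        "src_ip": m["src"], "src_port": int(m["sport"]) if m["sport"] else None,
        "dst_ip": m["dst"], "dst_port": int(m["dport"]) if m["dport"] else None,
    }


def normalize(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Keep only alerts from routable sources; drop what a map cannot plot."""
    events = []
    for line in lines:
        ev = parse_fast_alert(line)
        if ev is None:
            continue                          # not an alert line (swatch would skip it too)
        if not is_routable(ev["src_ip"]):     # internal/outbound source: no geolocation
            continue
        events.append(ev)
    return events


def to_jsonl(lines: Iterable[str]) -> str:
    """One JSON object per line, the shape a relay script would pipe onward."""
    return "\n".join(json.dumps(ev, sort_keys=True) for ev in normalize(lines))


# Constructed sample alert_fast lines using RFC 5737 documentation addresses.
SAMPLE_ALERTS = [
    "01/26-11:55:28.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check "
    "returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] "
    "{TCP} 203.0.113.5:80 -> 198.51.100.7:51234",
    "01/26-11:55:29.000001  [**] [1:1000001:0] LOCAL ICMP echo from outside [**] "
    "[Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10",
    "01/26-11:55:30.500000  [**] [1:1000002:1] LOCAL outbound scan [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] "
    "{TCP} 10.0.0.5:41234 -> 203.0.113.77:22",
    "this is not an alert line",
]

if __name__ == "__main__":
    print(to_jsonl(SAMPLE_ALERTS))
```

Run against a live alert file with something like `tail -F /var/log/snort/alert | python3 normalize.py` once `__main__` reads from stdin instead of the sample list; the third sample line is dropped on purpose because its source is a private address, which is the kind of record that otherwise ends up plotted at a GeoIP provider's default coordinates.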

