logisland

logisland copied to clipboard

https://www.youtube.com/watch?v=tUASgZN3PDM https://www.slideshare.net/HadoopSummit/using-sequence-statistics-to-fight-advanced-persistent-threats In a persistent threat, the attacker often penetrates a system but exploits information captured there elsewhere at a throttled rate to avoid detection. In some cases, the attacker...

oalam

=> may be just templates or mapping config to handle a uniform naming convention : https://github.com/apache/incubator-spot/blob/master/docs/open-data-model/open-data-model.md have a look to : https://github.com/Open-Network-Insight/open-network-insight

oalam

add a graph of interactions between IPs (the number of interactions define proximity of nodes)

1

# Expected behavior and actual behavior. # Steps to reproduce the problem. # Specifications like the version of the project, operating system, or hardware.

lhubert

add a detection of ransomware (encrypting disk) and action generator to isolate machine

2

# Expected behavior and actual behavior. # Steps to reproduce the problem. # Specifications like the version of the project, operating system, or hardware.

lhubert

oalam

Hail A Taxi Multiple Stix/Taxii External Stix/Taxii Feed http://hailataxii.com/ Poll every 5 minutes

oalam

Soltra Multiple Stix/Taxii Threat Intel Feed Aggregator https://soltra.com/ Poll every 5 minutes

oalam

oalam

add possibility to use setRouting in putElasticSearch processor

1

You can use this to specify a string that will be used to gather document having the same routing in the same shard in order to optimize perfs.

MiniPlayer

Some papers might help http://www.cs.cmu.edu/~xiaohuay/papers/draft_TISSEC.pdf

lhubert