Security Incidents mailing list archives

Announcing a global view on Internet events: ATLAS


From: Jose Nazario <jose () monkey org>
Date: Tue, 6 Feb 2007 11:10:33 -0500 (EST)

Yesterday, Arbor Networks launched the public portal for our ATLAS project, a product of my team (ASERT) and something near and dear to my heart. As an incident and threat analyst, I have cobbled together tools and utilities for discovering what's afoot on the Internet in near real-time for years, so a lot of my ideas and needs went into this. ATLAS is something I use every day to investigate incidents and gather data via packet capture, payload analysis, and honeypots. You can find the free, public site here:

    http://atlas.arbor.net/

Registration isn't required; that's focusing mainly on commercial customers. Public users get access to the portal for free, and we plan to keep it that way.

The goal is to find out information about incidents that we know about and also to discover what is likely to happen in the near term. An example would be scans and attacks for a newly disclosed vulnerability.

We built ATLAS using a combination of tools we've built and used in the past to capture and distill scan traffic, lightweight honeypots for insights into what's going on, and attack characterizations. As this project progresses we'll be gathering more information and sharing it with the community; we hope that you stay tuned.

The public portal is targeted at people with needs similar to my own as an analyst, and it's designed to give you a simple, high impact view of the Internet:

- entity reports about countries, ASNs and hosts launching attacks, distilling their activities into usable data
- vulnerability and attack reports showing you background info and attack data
- service reports showing you vulnerabilities and attacks, as well as activity sources
- news and analysis

It's designed to put relevant information on the page in front of you when you need it most and is inspired by intelligence tools from similar fields.

We launched it to help the analyst community, and in the coming weeks and months we'll be adding features such as community forums so that everyone can participate, more data sources, and more features. We hope you find it as useful as we have, and welcome your feedback and use of the site.

-- jose () arbor net

________
jose nazario, ph.d.                 jose () monkey org
http://monkey.org/~jose/            http://monkey.org/~jose/secnews.html
                                    http://www.wormblog.com/

