Re: Logs Snort to attack map

[Daniel <daniel () linux-nerd de>]

Hey,

not sure if you are doing it „just for fun“
But i run it in Kibana and created some Dashboards which is more flexible i think.



> Am 23.01.2017 um 16:02 schrieb Diego Brum <diego.brum () ifb edu br>:
>
> I'm working on the project https://github.com/MatthewClarkMay/geoip-attack-map 
> <https://github.com/MatthewClarkMay/geoip-attack-map> and developed scripts that normalize the snort log and send it 
> to the attack map. I use swatch and shell scripts. I wonder if anyone cares or has a better idea.
>
>
> <mapattack_portfolio.png>
> ​
>
>
>
> -- 
> Diego Brum Lima Rocha
> Tecnólogo em Segurança da Informação no NTIC
> Instituto Federal de Brasília - IFB
> 61 2103-2129
>
>
> Policies of Perpetual Paranoia
>
> Adopt universal IT Security policy:
>
> 1- No network is trusted, inside or out
> 2- No user is fully trusted, anywhere
> 3- No app's native security is trusted
> 4- The bad guys are already inside
>
>
> “O elemento humano é um grande desafio. Mesmo investindo 
> em tecnologias e soluções de segurança, se o usuário não tiver um 
> comportamento seguro, todo esforço em proteger a informação será em vão”
>
>
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: GnuPG v2
>
> mQENBFczy8YBCADdYbqN5j7FkPdyJrG2uPn2gBa5QBPwL9XVBf2dDsTf8Jwg4Kbd
> yvVOuw1ode4HhsybM4DIFNJ26twEOZ6SlhDoA4ityGZodhsELyYhVH2yo7z/O7un
> hYhiks8PcVayAcBrz/lYmFWVZxav88jL0F7j3/koorZJ3nIuzyZS7txtQ/urEI6l
> jqddfRGtiP854cB2Yx9vcraxpJG/QsuDz+tvdYCr6ks+53f7PZGatXpXra6lD1f4
> 6Klx5K7VvAR3FxS9NUWClk+9Dt+oF3pgX2y5toaFOI66IlfqgIkqYmX0ryVRVgtf
> /ZgxmwPFMm6r7TsYFIISmr0Fj8qgtu0fF3F9ABEBAAG0LERpZWdvIEJydW0gTGlt
> YSBSb2NoYSA8ZGllZ28uYnJ1bUBnbWFpbC5jb20+iQE5BBMBAgAjBQJXM8vGAhsv
> BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQkjLA1OAEedsmcQgAkldRntlL
> nnMveFkfLCljYdn1WKeaWQarM9vaeR7GlLgFXXVGeTc388hb+qwvFq1KhTs0vRqN
> v00W5zeb4xbnYLVgGLVoedW8yGG19OGIMyKjf/+r8G8pKzKkxbHq+6cJRpHmrmWp
> LR2Cry8HQxg32Yg13FsjC2ttigEc6KJ05eVtO21aazGVziyrT87rjwBJ9esWFYdu
> C/TEvpyew2+kvgIOGZCl4LpGw15+E2VwGb5ohNaM21tlFcFir/eL/YXPIt2qcQ87
> PIPvX02J6GIxOtXaO1OLj4tykKIrywUcKaztL9Cu5F1xnX5PGKXTg3Qtc6gR/HBQ
> GEdJcC/rC6X7T7kBDQRXM8vGAQgArG5BbsTXNHaaoPxWp/+iir7/r55wiXkyJOPa
> Vj5Fa56fcHmjcRRqqgQwqngbABufMJkNz8+LsMo9cVSVCz0Zt7LFLTygs6GGEPeN
> piAl7bh0Y3FBotqcv1IAfUIWuFGoOYQc07+QDhoWKC4PcVMX7zeVPNgvD56WCL3H
> 00FG7xZIWz1DtY7ktAwHLKiZj+e1sFzQS0sYPrjAuGLXMawOf31+8pdNxdVyoZoH
> pAlpC2JOZET65+KSjBJWYZXWOjgRoWqzrQsFJI3NP7V0UxKzODKl1syfob/Upia0
> X8pu2/x64otgEYlSY2y2gZsaiR3jrD1SA75pisk5Zz5YGrKGfQARAQABiQI+BBgB
> AgAJBQJXM8vGAhsuASkJEJIywNTgBHnbwF0gBBkBAgAGBQJXM8vGAAoJELf5cQBP
> e8ngYiIH/RRLcHRRrxO8W+n/DHrarSN33lpUnqei1MwNgX6TaxvHQfZWt1B+CjIZ
> od2Lsanz2G4y7aKY6zQ3QCaGWxlJLxUPff+kxuQRc3f034ZCM5iDMNrmq7ccpXc1
> IjawE8+3iq8B85tTdDob4kX6bTfnBIUXe52v1GCdMz+WPpDLk5OeZYEF3QjSVneB
> pTX4dkGPSMCGHsWnN111GmSREMezXUe0m8DB3qQpmGRiA8ILsHxupovwWsR0LLat
> USR2zfZAbmxnTSlsBBx8t+fc3RhsYBQFgtA4ZduQk653xmjE9BL8M25ubwIZ2tzE
> 4IbKY5IUGnHOT5zGZPk0Q9n+6GC1CZXE8Qf9Hl3thPI2HL4ycAcXTZQVQZSv08pp
> ImRmMpHf3Y2t9trHdcpmbn/GIlh2m4/LFCIhDv8hoHK/E/oQKBXTtPt7Ftb0UFAQ
> aCElIdz4q5XlhnwJeK1R2HyA3EIDNGiVt+RD7HpV5gPsxU/+oSweb8AHtfafev/a
> 5Ijqnm/ysP7UXXLSNmi/WsFLJNqAga1OS+Py2RyOmbwekm82kjYx5av/7jaBUe5U
> lNwHGZgb7K9XKD1kq3v4s3r0rqs19J2EGbv/0mGY17Co9tWoy+bVfaEfp1lXsyRc
> IiQnJ+RwkfeVrBVUry8xq49eezozFpeWZ6Yf4ASk6Ikas18Bml4y2QjaTg==
> =5adw
> -----END PGP PUBLIC KEY BLOCK-----
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot_______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!