Working with Data

Organize all that Data!

At some point the c-Champions will need to provide technical resources to the network engineers and stakeholder managers. This section of the Toolkit lists cyber threat hunting tools for the technical analysts within stakeholder organizations. Below is a series of links and short descriptions of tools used to organize, summarize and visualize data gathered from honeypots. Keep in mind that everything a honeypot records (usernames, passwords, URLs, downloaded files) is attacker-supplied input: run these front-ends on an analyst network rather than on the honeypot host itself, and treat exported values as untrusted when they are loaded into spreadsheets or dashboards.

Tango – “Tango is a set of scripts and Splunk apps which help organizations and users quickly and easily deploy honeypots and then view the data and analysis of the attacker sessions.” (Aplura. (2017). aplura/Tango: Honeypot Intelligence with Splunk. Retrieved May 2, 2017, from https://github.com/aplura/Tango)

Django-Kippo – Django app for browsing data from the Kippo SSH honeypot. (Jedie. (2017). jedie/django-kippo: Django App for kippo SSH Honeypot: https://code.google.com/p/kippo. Retrieved May 2, 2017, from https://github.com/jedie/django-kippo)

Wordpot-Frontend – “Wordpot-Frontend is a full featured script to visualize statistics from a Wordpot honeypot.” (GovCERT-CZ. (2017). GovCERT-CZ/Wordpot-Frontend. Retrieved May 2, 2017, from https://github.com/GovCERT-CZ/Wordpot-Frontend)

Shockpot-Frontend – “Shockpot-Frontend is a full featured script to visualize statistics from a Shockpot honeypot.” (GovCERT-CZ. (2017). GovCERT-CZ/Shockpot-Frontend. Retrieved May 2, 2017, from https://github.com/GovCERT-CZ/Shockpot-Frontend)

Honeyalarmg2 – Simplified UI for showing honeypot alarms. (Schmalle. (2017). schmalle/honeyalarmg2: Simplified UI for showing honeypot alarms. Retrieved May 2, 2017, from https://github.com/schmalle/honeyalarmg2)

DionaeaFR – “Front Web to Dionaea low-interaction honeypot.” (Rubenespadas. (2017). rubenespadas/DionaeaFR: Dionaea Front Web. Retrieved May 2, 2017, from https://github.com/rubenespadas/DionaeaFR)

Kippo Stats – Mojolicious app that displays statistics for a Kippo SSH honeypot. (Mfontani. (2017). mfontani/kippo-stats: Mojolicious app to display statistics for your kippo SSH honeypot. Retrieved May 2, 2017, from https://github.com/mfontani/kippo-stats)

HoneyMap – Real-time WebSocket stream of honeypot events plotted on an SVG world map. (Fw42. (2017). fw42/honeymap: Real-time websocket stream of GPS events on a fancy SVG world map. Retrieved May 2, 2017, from https://github.com/fw42/honeymap)

HoneyMalt – Maltego transforms for mapping honeypot systems. (SneakersInc. (2017). SneakersInc/HoneyMalt: Maltego transforms for mapping Honeypot systems. Retrieved May 2, 2017, from https://github.com/SneakersInc/HoneyMalt)

AfterGlow-Cloud – “AfterGlow Cloud is a security visualization tool which lets users upload data and visualize the data as graphs on-the-fly” (part of Google Summer of Code 2012). (Ayrus. (2017). ayrus/afterglow-cloud. Retrieved May 2, 2017, from https://github.com/ayrus/afterglow-cloud)

AfterGlow – Link graph visualization tool; it reads CSV records and renders them as a node/edge graph. (Raffael Marty. (2017). AfterGlow | Link Graph Visualization | Project Home. Retrieved May 2, 2017, from http://afterglow.sourceforge.net/)

OVIZART – “Open VİZual Analysis foR network Traffic” (Oguzy. (2017). oguzy/ovizart. Retrieved May 2, 2017, from https://github.com/oguzy/ovizart)

HpfeedsHoneyGraph – Visualization app for hpfeeds logs. (Yuchincheng. (2017). yuchincheng/HpfeedsHoneyGraph: HpfeedsHoneyGraph is a visualization app to visualize hpfeeds logs. Retrieved May 2, 2017, from https://github.com/yuchincheng/HpfeedsHoneyGraph)

Acapulco – Automated attack community graph construction. (Hgascon. (2017). hgascon/Acapulco4HNP: Automated Attack Community Graph Construction. Retrieved May 2, 2017, from https://github.com/hgascon/Acapulco4HNP)
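The tools above all do some variant of the same job: parse raw honeypot output into structured events, count them, and hand the result to a dashboard or a graph renderer. The script below is an added example of that pipeline (it is not code from this Toolkit or from any of the projects listed) for the Kippo SSH honeypot case that Kippo Stats and Django-Kippo cover. It parses a few constructed log lines written in the style of Kippo's text log, produces the counters a stats page would show, and emits a source,event,target CSV edge list of the kind AfterGlow reads. The regular expression is this example's assumption about Kippo's line format, and the sample IPs and credentials are made up. One caveat is built in: attacker-chosen usernames and passwords go straight into the CSV, so cells that begin with a formula character are neutralized before an analyst opens the file in a spreadsheet.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample lines in the style of Kippo's text log. Nothing here
# comes from a real honeypot; IPs are from documentation ranges.
SAMPLE_LOG = """\
2017-05-02 10:11:12+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.7] login attempt [root/123456] failed
2017-05-02 10:11:14+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.7] login attempt [root/password] failed
2017-05-02 10:11:16+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.7] login attempt [root/toor] succeeded
2017-05-02 10:12:03+0000 [SSHService ssh-userauth on HoneyPotTransport,2,203.0.113.45] login attempt [admin/admin] failed
2017-05-02 10:12:05+0000 [SSHService ssh-userauth on HoneyPotTransport,2,203.0.113.45] login attempt [root/123456] failed
2017-05-02 10:13:40+0000 [SSHService ssh-userauth on HoneyPotTransport,3,192.0.2.9] login attempt [pi/=HYPERLINK("http://evil.example")] failed
2017-05-02 10:13:41+0000 [HoneyPotTransport,3,192.0.2.9] connection lost
"""

# Assumed shape of a Kippo login-attempt line (this example's assumption,
# not a documented interface). The password group is greedy and the line is
# end-anchored so that attacker-chosen passwords containing ']' still parse.
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[SSHService ssh-userauth on HoneyPotTransport,"
    r"(?P<session>\d+),(?P<src>[0-9a-fA-F.:]+)\] login attempt "
    r"\[(?P<user>[^/]*)/(?P<password>.*)\] (?P<result>succeeded|failed)$"
)


def parse_kippo_log(text):
    """Return one dict per login attempt; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def summarize(events, top_n=5):
    """Aggregate the counters a Kippo-Stats-style page would display."""
    by_src = Counter(e["src"] for e in events)
    by_cred = Counter((e["user"], e["password"]) for e in events)
    successes = [(e["src"], e["user"], e["password"])
                 for e in events if e["result"] == "succeeded"]
    return {
        "attempts": len(events),
        "unique_sources": len(by_src),
        "top_sources": by_src.most_common(top_n),
        "top_credentials": by_cred.most_common(top_n),
        "successful_logins": successes,
    }


def neutralize_cell(value):
    """Defuse spreadsheet formula injection: Excel/LibreOffice evaluate a cell
    that starts with =, +, -, @ (or tab/CR) as a formula, so prefix a quote."""
    if value and value[0] in "=+-@\t\r":
        return "'" + value
    return value


def afterglow_edges(events):
    """Build the three-column source,event,target CSV that AfterGlow renders,
    linking attacker IP -> username -> password, with duplicates removed."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    seen = set()
    for e in events:
        row = (neutralize_cell(e["src"]),
               neutralize_cell(e["user"]),
               neutralize_cell(e["password"]))
        if row not in seen:
            seen.add(row)
            writer.writerow(row)
    return buf.getvalue()


if __name__ == "__main__":
    evs = parse_kippo_log(SAMPLE_LOG)
    stats = summarize(evs)
    print(f"{stats['attempts']} attempts from {stats['unique_sources']} sources")
    for src, n in stats["top_sources"]:
        print(f"  {src:<16} {n}")
    print("successful logins:", stats["successful_logins"])
    print(afterglow_edges(evs), end="")
```

The CSV output can be piped into AfterGlow (for example `afterglow.pl` followed by Graphviz `neato`) to draw the IP/username/password link graph; the `csv` module handles quoting of commas and double quotes, and `neutralize_cell` handles the separate problem of a cell that is syntactically valid CSV but executes as a formula once opened.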