Visualizations for IoT Honeypot generated EDL events #29

Open
punisherVX opened this issue Jun 25, 2018 · 0 comments
Labels
customer request enhancement New feature or request sfn team discussion visualizations Viz/Reports/Dashboards for Kibana


punisherVX commented Jun 25, 2018

Visualizations needed for new IoT information generated from honeypot EDL information. Depends on #27 being completed first.


Ticket #28: IoT Safe Networking Processing -- Domains

We need to add to SN the ability to identify IoT C2 activity via DNS that we have learned from our Honeypots.

High level requirements include

  • creation of EDLs from IoT Domain files generated by honeypot team. First instance of this could be manual but long term could include Minemeld work to keep the EDL updated
  • identify the EDL event from the FW vs. the Threat events from DNS db or WF as these events will need special processing
  • storing of the malware family and associated domains in the SN database. This will need to be created from the text files created from the Honeypot team today. Sample file here:
    https://paloaltonetworks.box.com/s/halb8utfbtm8k319lvc6bn6xred44hni
  • creation of new reports to showcase IoT activity
@punisherVX punisherVX added customer request enhancement New feature or request team discussion visualizations Viz/Reports/Dashboards for Kibana labels Jun 25, 2018
@zube zube bot assigned punisherVX and kevwal1 Apr 30, 2019
@punisherVX punisherVX added the sfn label Oct 28, 2019