Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
Dockerfile
README.md
suspicious-16.04.run

README.md

ffrouin/suspicious-16.04 is based on ffrouin/system-16.04

Suspicious

IT Threats GeoDashboard - Demo

Features

Statistic reports : countries, services, targets Threat reports : target, source, geolocalize (country, region, city), service, timelog Map features : drag, zoom, select country, select it threat, drag it threat, disperse it threats (double click) Timeline reports : move backward and forward in time threat database. Selecting a report before going into timeline mode results into report survey over timeline.

Backend Technologies

  • fail2ban : used to detect, log and act when malicious activity occurs
  • MaxMind GeoIP : used to get geographic IP details : latitude, longitude, city, region, country
  • perl : used to process strings with perl REGEXP in order to format the data for the frontend, this script produces csv files
  • cron : used to update MaxMind GeoIP database and to call backend perl script to push the data to the frontend

Frontend Technologies

  • web server : apache2 nginx, lighttpd will serve our static files to end-users internet browsers
  • d3js : this technology will be used to build the Suspicious GeoDashboard user interface, espacialy for its geographical library
  • html/css : user interface

How to use the container image

docker run -d --name "suspicious-16.04" -p 8888:80 ffrouin/suspicious-16.04

You can access suspicious dashboard using http://<docker_host>:8888/suspicious

You can access suspicious dashboard

http://<docker_host>:8888/suspicious

Integrate new data to your suspicious reports

Please consult Suspicious Documentation

Accounts Notes

freddy : container support and maintenance (rsa key authentication)

--

Sources : https://github.com/ffrouin/docker Support : Freddy Frouin http://freddy.linuxtribe.fr