IT Threats GeoDashboard

Suspicious

IT Threats GeoDashboard - Demo

Features

Statistical reports: countries, services, targets

Threat reports: target, source, geolocation (country, region, city), service, timelog

Map features: drag, zoom, select a country, select an IT threat, drag an IT threat, disperse IT threats (double click)

Timeline reports: move backward and forward in time through the threat database. Selecting a report before entering timeline mode makes that report track across the timeline.

Technologies

This application was built in a GNU/Linux environment and may work on any UNIX system that supports the following technologies. If you try to deploy it on Windows, there may be PATH and Perl regular-expression issues with the Perl backend.

Backend

  • fail2ban: detects, logs and acts on malicious activity
  • MaxMind GeoIP: provides geographic details for an IP address: latitude, longitude, city, region, country
  • Perl: processes strings with regular expressions to format the data for the frontend; this script produces CSV files
  • cron: updates the MaxMind GeoIP database and calls the backend Perl script to push the data to the frontend
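The backend flow described above (fail2ban log, IP validation, geolocation, CSV for the frontend), as an added Python sketch that is not the project's Perl script. The CSV column layout, the use of the jail name as the service, the target host name and the `FAKE_GEO` table standing in for a MaxMind GeoIP lookup are all assumptions.

```python
import csv
import io
import ipaddress
import re

# Constructed fail2ban.log lines (0.8.x and 0.9+ layouts), documentation-range IPs.
SAMPLE_LOG = """\
2015-03-01 12:34:56,789 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2015-03-01 12:40:00,001 fail2ban.actions: WARNING [ssh] Unban 192.0.2.10
2016-07-14 03:02:11,450 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.7
2016-07-14 03:05:42,120 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.5
2016-07-14 03:09:00,000 fail2ban.actions        [812]: NOTICE  [apache-auth] Ban 999.1.1.1
"""

# Constructed stand-in for a GeoIP lookup: ip -> (country, region, city, lat, lon).
FAKE_GEO = {
    "192.0.2.10": ("FR", "Bretagne", "Rennes", 48.11, -1.68),
    "198.51.100.7": ("US", "Oregon", "Portland", 45.52, -122.68),
}

# Match "Ban" actions only; "Unban" and filter "Found" lines are ignored.
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+"
    r"fail2ban\.actions\s*(?:\[\d+\])?:\s+\w+\s+"
    r"\[(?P<jail>[\w.-]+)\]\s+Ban\s+(?P<ip>\S+)\s*$"
)

# Assumed column layout; the project's real CSV schema is not shown on the page.
FIELDS = ["timelog", "target", "service", "source",
          "country", "region", "city", "lat", "lon"]

def parse_bans(log_text):
    """Yield (timestamp, jail, ip) for every Ban line carrying a valid IP."""
    for m in filter(None, map(BAN_RE.match, log_text.splitlines())):
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # never pass unvalidated log text on to the frontend
        yield m.group("ts"), m.group("jail"), str(ip)

def bans_to_csv(log_text, target, geo_lookup=FAKE_GEO.get):
    """Return CSV text, one row per ban; unknown IPs get empty geo fields."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(FIELDS)
    for ts, jail, ip in parse_bans(log_text):
        geo = geo_lookup(ip) or ("", "", "", "", "")
        writer.writerow([ts, target, jail, ip, *geo])
    return out.getvalue()
```

Calling `bans_to_csv(SAMPLE_LOG, "web01.example.org")` returns the header plus two rows; in a real deployment `geo_lookup` would be backed by the MaxMind GeoIP database that cron keeps updated.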

Frontend

  • web server: apache2, nginx or lighttpd serves the static files to end users' browsers
  • d3js: used to build the Suspicious GeoDashboard user interface, especially for its geographical library
  • html/css : user interface

How to deploy Suspicious GeoDashboard