Add functionality to pull in REAL attack data from security system sources (Honeypot/IPS/Firewalls). about pewpew HOT 6 OPEN

So, I've pretty much got a working version of this now. I made a few mods to this project to suit my needs and trimmed down most of the options.(i took out most of the formatting, sounds, etc.,). I was looking to display live attack data on a dashboard.

They key is a node.js app i wrote which serves up the map web page, listens on 514 for incoming messages, pulls IP addresses out of the message, performs an ip-geolookup, and sends that data to the browser, where the arcs are drawn.

The idea was that you can send any syslog data at it, and it will map the IP's it sees. For my project, all the destination IP's are always my datacenter, so I have that as a static destination for all the arcs. For that reason, I put the bubbles at the source, not the destination. You could mess with the logic a bit and feed it live source and destination if you choose.

Disclaimer: First javascript and html I've written, so excuse any formatting or logic errors. Also, pretty new to github, so hopefully everything is set up right.

I did have a working version which parsed log files as I built this. I had trouble slowing it down when running it in javascript. I think this works better - I wrote a powershell script which I've included in the project test folder which will parse a csv file for IP Addresses, and send it over a socket 514 to your node instance. The powershell script has a throttle in it. Alternately, the node app could be reworked to read a file.

https://github.com/joshftx/maps

from pewpew.

We could really use this feature. If we could pull from a log file that we generate, within a customize-able time period, it will help show what our systems deal with on a daily basis!

from pewpew.

I second this enhancement

from pewpew.

If you inspect the HTML on the link described here - http://datadrivensecurity.info/blog/posts/2015/Aug/mhn-machinations-r-python-javascript/ - there's a gd start on it (pulling live data from the MHN network).

from pewpew.

like your project and would like to ask for something if possible , rather than using random ip , can you make it reads a csv file that contain source attacker , target ip and source country and target country?

would be amazing if it's possible

from pewpew.

Josh - You rock! This is perfect. I will try this out and give you some feedback. I agree on making a buffer on the attack map server.

from pewpew.