[Owasp_wasc_distributed_web_honeypots_project] How to Release Data to the Community?

Ryan Barnett ryan.barnett at owasp.org
Wed Apr 8 17:20:53 UTC 2015


Hello everyone,
As I am starting to look through the central logging Console host at the
data we are receiving, I am struck with our next issue...  Which is how to
release information.   I can easily do this -
https://twitter.com/OwaspHoneypots/status/585147356410155009 - but that
seems incomplete and not of much actionable intel.   I wanted to start up a
discussion around different options for providing data back to the community
around this project.  I see a number of options -
1. Periodic "Status Reports" - these could be based on standard time
intervals such as Quarterly reports, etc...  This could include interesting
statistics of the captured data such as top attacker sources, tools used,
vulns targeted.
2. "Emerging Attack" Reports - these would be released on-demand if we spot
new, interesting attacks.
3. Deep-analysis Reports - that could look deeper into correlating data -
perhaps taking a look at distributed brute force scanning efforts or botnet
activity, etc...
These are just some ideas of possible reporting options.  Another topic
would be what technology to best use to distribute the data?  I see a number
of options -
1. We can certainly post files to the OWASP project page.
2. We can also send out data here on the mail-list.
3. We can also send out alerts through the Twitter account
(https://twitter.com/OwaspHoneypots).
4. I would also like to look into possibly having access to the OWASP blog
(http://owasp.blogspot.com/) to post content.  I envision something similar
to the SANS Internet Storm Center Handler Diary
(https://isc.sans.edu/diaryarchive.html) where we can post stories.
5. I also created this GitHub Repo -
https://github.com/SpiderLabs/owasp-distributed-web-honeypots.  This may
also be a good location for us to upload sanitized (meaning we REDACT the
honeypot hostname/IP data) ModSecurity audit event data (which you can
download from the central logging host).  This could become an outstanding
repository of real-world web attack data intelligence that community users
could leverage.
These are just some ideas and I would love feedback.

Thanks,
Ryan

