[Owasp_wasc_distributed_web_honeypots_project] How to Release Data to the Community?
littlecho at littlecho.tw
Sat Apr 11 09:44:23 UTC 2015
I would like to suggest that deploy a simple blogging web
application with github pages, and the reports can periodically be
pushed to the branch for updates. It may be possible to use github
to send a notificaion to all the participants by dropping the
email to the mailing list. Hope this can do some helps! Thanks!
On Thu, Apr 9, 2015, at 01:20 AM, Ryan Barnett wrote:
> Hello everyone,
> As I am starting to look through the central logging Console host at the
> data we are receiving, I am struck with our next issueŠ Which is out to
> release information. I can easily do this -
> https://twitter.com/OwaspHoneypots/status/585147356410155009 - but that
> seems incomplete and not of much actionable intel. I wanted to start up
> discussion around different options for providing data back to the
> around this project. I see a number of options
> 1. Periodic ³Status Reports² - these could be based on standard time
> intervals such as Quarterly reports, etcŠ This could include intresting
> statistics of the captured data such as top attacker sources, tools used,
> vulns targeted.
> 2. ³Emerging Attack² Reports these would be released on-demand if we
> new, interesting attacks.
> 3. Deep-analysis Reports that could look deeper into correlating data
> perhaps taking a look at distributed brute force scanning efforts or
> activity, etcŠ
> These are just some ideas of possible reporting options. Another topic
> would be what technology to best use to distribute the data? I see a
> of options -
> 1. We can certainly post files to the OWASP project page.
> 2. We can also send out data here on the mail-list.
> 3. We can also send out alerts through the Twitter account
> 4. I would also like to look into possibly having access to the OWASP
> (http://owasp.blogspot.com/) to post content. I envision something
> to the SANS Internet Storm Center Handler Diary
> (https://isc.sans.edu/diaryarchive.html) where we can post stories.
> 5. I also created this GitHub Repo -
> https://github.com/SpiderLabs/owasp-distributed-web-honeypots. This may
> also be a good location for us to upload sanitized (meaning we REDACT the
> honeypot hostname/IP data) ModSecurity audit event data (which you can
> download from the central logging host). This could become an
> repository of real-world web attack data intelligence that community
> could leverage.
> These are just some ideas and I would love feedback.
> Owasp_wasc_distributed_web_honeypots_project mailing list
> Owasp_wasc_distributed_web_honeypots_project at lists.owasp.org
More information about the Owasp_wasc_distributed_web_honeypots_project