[Owasp_wasc_distributed_web_honeypots_project] How to Release Data to the Community?

LittleCho littlecho at littlecho.tw
Sat Apr 11 09:44:23 UTC 2015


Dear Ryan,

      I would like to suggest deploying a simple blogging web
      application with GitHub Pages, and the reports can periodically be
      pushed to the branch for updates. It may be possible to use GitHub
      to send a notification to all the participants by dropping the
      email to the mailing list. Hope this can be of some help! Thanks!

-- 
BR, LittleCho

On Thu, Apr 9, 2015, at 01:20 AM, Ryan Barnett wrote:
> Hello everyone,
> As I am starting to look through the central logging Console host at the
> data we are receiving, I am struck with our next issue... Which is how to
> release information. I can easily do this -
> https://twitter.com/OwaspHoneypots/status/585147356410155009 - but that
> seems incomplete and not of much actionable intel. I wanted to start up a
> discussion around different options for providing data back to the
> community around this project. I see a number of options -
> 1. Periodic "Status Reports" - these could be based on standard time
> intervals such as Quarterly reports, etc... This could include interesting
> statistics of the captured data such as top attacker sources, tools used,
> vulns targeted.
> 2. "Emerging Attack" Reports - these would be released on-demand if we
> spot new, interesting attacks.
> 3. Deep-analysis Reports - that could look deeper into correlating data -
> perhaps taking a look at distributed brute force scanning efforts or
> botnet activity, etc...
> These are just some ideas of possible reporting options. Another topic
> would be what technology to best use to distribute the data? I see a
> number of options -
> 1. We can certainly post files to the OWASP project page.
> 2. We can also send out data here on the mail-list.
> 3. We can also send out alerts through the Twitter account
> (https://twitter.com/OwaspHoneypots).
> 4. I would also like to look into possibly having access to the OWASP
> blog (http://owasp.blogspot.com/) to post content. I envision something
> similar to the SANS Internet Storm Center Handler Diary
> (https://isc.sans.edu/diaryarchive.html) where we can post stories.
> 5. I also created this GitHub Repo -
> https://github.com/SpiderLabs/owasp-distributed-web-honeypots. This may
> also be a good location for us to upload sanitized (meaning we REDACT the
> honeypot hostname/IP data) ModSecurity audit event data (which you can
> download from the central logging host). This could become an
> outstanding repository of real-world web attack data intelligence that
> community users could leverage.
> These are just some ideas and I would love feedback.
> 
> Thanks,
> Ryan
> 
> 
> _______________________________________________
> Owasp_wasc_distributed_web_honeypots_project mailing list
> Owasp_wasc_distributed_web_honeypots_project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_wasc_distributed_web_honeypots_project

