[Owasp_wasc_distributed_web_honeypots_project] How to Release Data to the Community?

Bev Corwin bev.corwin at owasp.org
Sat Apr 11 17:44:12 UTC 2015


Hi there. Just wanted to let you know that I'm here and planning to
participate. Just getting up to speed on reading over the initial list
emails this weekend. No comments at this point, yet, other than I think
that this is a great project.

Bev

On Sat, Apr 11, 2015 at 5:44 AM, LittleCho <littlecho at littlecho.tw> wrote:

> Dear Ryan,
>
>       I would like to suggest that deploy a simple blogging web
>       application with github pages, and the reports can periodically be
>       pushed to the branch for updates. It may be possible to use github
>       to send a notificaion to all the participants by dropping the
>       email to the mailing list. Hope this can do some helps! Thanks!
>
> --
> BR, LittleCho
>
> On Thu, Apr 9, 2015, at 01:20 AM, Ryan Barnett wrote:
> > Hello everyone,
> > As I am starting to look through the central logging Console host at the
> > data we are receiving, I am struck with our next issueŠ  Which is out to
> > release information.   I can easily do this -
> > https://twitter.com/OwaspHoneypots/status/585147356410155009 - but that
> > seems incomplete and not of much actionable intel.   I wanted to start up
> > a
> > discussion around different options for providing data back to the
> > community
> > around this project.  I see a number of options ­
> > 1. Periodic ³Status Reports² - these could be based on standard time
> > intervals such as Quarterly reports, etcŠ  This could include intresting
> > statistics of the captured data such as top attacker sources, tools used,
> > vulns targeted.
> > 2. ³Emerging Attack² Reports ­ these would be released on-demand if we
> > spot
> > new, interesting attacks.
> > 3. Deep-analysis Reports ­ that could look deeper into correlating data ­
> > perhaps taking a look at distributed brute force scanning efforts or
> > botnet
> > activity, etcŠ
> > These are just some ideas of possible reporting options.  Another topic
> > would be what technology to best use to distribute the data?  I see a
> > number
> > of options -
> > 1. We can certainly post files to the OWASP project page.
> > 2. We can also send out data here on the mail-list.
> > 3. We can also send out alerts through the Twitter account
> > (https://twitter.com/OwaspHoneypots).
> > 4. I would also like to look into possibly having access to the OWASP
> > blog
> > (http://owasp.blogspot.com/) to post content.  I envision something
> > simialr
> > to the SANS Internet Storm Center Handler Diary
> > (https://isc.sans.edu/diaryarchive.html) where we can post stories.
> > 5. I also created this GitHub Repo -
> > https://github.com/SpiderLabs/owasp-distributed-web-honeypots.  This may
> > also be a good location for us to upload sanitized (meaning we REDACT the
> > honeypot hostname/IP data) ModSecurity audit event data (which you can
> > download from the central logging host).  This could become an
> > outstanding
> > repository of real-world web attack data intelligence that community
> > users
> > could leverage.
> > These are just some ideas and I would love feedback.
> >
> > Thanks,
> > Ryan
> >
> >
> > _______________________________________________
> > Owasp_wasc_distributed_web_honeypots_project mailing list
> > Owasp_wasc_distributed_web_honeypots_project at lists.owasp.org
> >
> https://lists.owasp.org/mailman/listinfo/owasp_wasc_distributed_web_honeypots_project
> _______________________________________________
> Owasp_wasc_distributed_web_honeypots_project mailing list
> Owasp_wasc_distributed_web_honeypots_project at lists.owasp.org
>
> https://lists.owasp.org/mailman/listinfo/owasp_wasc_distributed_web_honeypots_project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_wasc_distributed_web_honeypots_project/attachments/20150411/d0bf4545/attachment.html>


More information about the Owasp_wasc_distributed_web_honeypots_project mailing list