[Owasp_wasc_distributed_web_honeypots_project] How to Release Data to the Community?

Jon Gorrono jpgorrono at ucdavis.edu
Sun Apr 12 04:26:23 UTC 2015

WRT the reporting content, all three options seem to be orthogonal, with
different periodicity and depth. +1 to all three :)

WRT the reporting platform, I would favor 4 (with rss) and 5

On Wed, Apr 8, 2015 at 10:20 AM, Ryan Barnett <ryan.barnett at owasp.org>

> Hello everyone,
> As I am starting to look through the central logging Console host at the
> data we are receiving, I am struck with our next issue…  Which is how to
> release information.   I can easily do this -
> https://twitter.com/OwaspHoneypots/status/585147356410155009 - but that
> seems incomplete and not of much actionable intel.   I wanted to start up a
> discussion around different options for providing data back to the
> community around this project.  I see a number of options –
>    1. Periodic “Status Reports” - these could be based on standard time
>    intervals such as Quarterly reports, etc…  This could include interesting
>    statistics of the captured data such as top attacker sources, tools used,
>    vulns targeted.
>    2. “Emerging Attack” Reports – these would be released on-demand if we
>    spot new, interesting attacks.
>    3. Deep-analysis Reports – that could look deeper into correlating
>    data – perhaps taking a look at distributed brute force scanning efforts or
>    botnet activity, etc…
> These are just some ideas of possible reporting options.  Another topic
> would be what technology to best use to distribute the data?  I see a
> number of options -
>    1. We can certainly post files to the OWASP project page.
>    2. We can also send out data here on the mail-list.
>    3. We can also send out alerts through the Twitter account (
>    https://twitter.com/OwaspHoneypots).
>    4. I would also like to look into possibly having access to the OWASP
>    blog (http://owasp.blogspot.com/) to post content.  I envision
>    something similar to the SANS Internet Storm Center Handler Diary (
>    https://isc.sans.edu/diaryarchive.html) where we can post stories.
>    5. I also created this GitHub Repo -
>    https://github.com/SpiderLabs/owasp-distributed-web-honeypots.  This
>    may also be a good location for us to upload sanitized (meaning we
>    REDACT the honeypot hostname/IP data) ModSecurity audit event data (which
>    you can download from the central logging host).  This could become an
>    outstanding repository of real-world web attack data intelligence that
>    community users could leverage.
> These are just some ideas and I would love feedback.
> Thanks,
> Ryan
> _______________________________________________
> Owasp_wasc_distributed_web_honeypots_project mailing list
> Owasp_wasc_distributed_web_honeypots_project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_wasc_distributed_web_honeypots_project

Jon Gorrono
PGP Key: 0x5434509D - http{