
squert – an open source UI for NSM data

paulh
April 17, 2015

AtlSecCon, Halifax, 2015


Transcript

  1. squert – an open source web interface for NSM data

    paul halliday | AtlSecCon, Halifax 2015
  2. we are going to talk about
    - project history
    - ~$ echo 'Big Data' | sed 's/Big/Just plain old/'
    - interface design and UX
  3. Sguil: The Analyst Console for Network Security Monitoring
    - diagram: sguild server with tcl/tk analyst console(s) in New York, Toronto, Halifax and Tokyo; "ALERT! ALERT! ALERT!" from sguild, "ACKNOWLEDGED" back from the consoles
  4. problem
    - no analysts
    - lack of summary information
    - no visuals or helpers
  5. problem
    - static content
    - missing basic functionality
    - no workflow
  6. ???

  7. Suricata: Open source Intrusion Detection System
    - diagram: Suricata unified log -> ids_agent -> sguild -> MySQL -> client (realtime event); packet capture on disk served by pcap_agent (context)
  8. Bro: Open source Network Security Monitor
    - diagram: Bro intel.log and notice.log on disk -> bro_agent -> sguild -> MySQL -> client (realtime event)
  9. The Bro Intel Framework
    - example intel file (tab-separated):
        #fields	indicator	indicator_type	meta.source	meta.url	meta.do_notice	meta.if_in
        000007.ru	Intel::DOMAIN	MalwareDomains	http://malwaredomains.com/files/justdomains	F	-
    - 01100001 00100000 01110111 01101000 01101111 01101100 01100101 00100000 01100010 01110101 01101110 01100011 01101000 00100000 01101111 01100110 00100000 01100100 01100001 01110100 01100001 00100000 01101000 01100101 01110010 01100101 00100001 00100001 (binary decoration on the slide; decodes to "a whole bunch of data here!!")
    - intel metadata controls
    - Intel Types: Intel::ADDR Intel::URL Intel::SOFTWARE Intel::EMAIL Intel::DOMAIN Intel::USER_NAME Intel::FILE_HASH Intel::FILE_NAME Intel::CERT_HASH
    - Intel.log !
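Added example, not code from the deck, from squert or from Bro: a small Python parser for the tab-separated intel file format shown on slide 9, which checks each row against the intel types the slide lists and converts the T/F meta.do_notice flag, plus a lookup that mimics how the framework matches a value observed in traffic against the loaded indicators. The 000007.ru row is the slide's; the other feed rows are constructed, and the hypothetical bad row exercises the validation.

```python
# Intel types listed on the slide for the Bro Intel Framework.
INTEL_TYPES = {
    "Intel::ADDR", "Intel::URL", "Intel::SOFTWARE", "Intel::EMAIL",
    "Intel::DOMAIN", "Intel::USER_NAME", "Intel::FILE_HASH",
    "Intel::FILE_NAME", "Intel::CERT_HASH",
}

# Constructed sample feed. Row 1 is the slide's example; rows 2-3 are made up,
# and row 3 carries an invalid indicator_type so the checks have something to catch.
# Columns must be separated by tabs, not spaces, or Bro rejects the file.
SAMPLE_INTEL = (
    "#fields\tindicator\tindicator_type\tmeta.source\tmeta.url\tmeta.do_notice\tmeta.if_in\n"
    "000007.ru\tIntel::DOMAIN\tMalwareDomains\thttp://malwaredomains.com/files/justdomains\tF\t-\n"
    "198.51.100.7\tIntel::ADDR\tconstructed-feed\t-\tT\tConn::IN_RESP\n"
    "bad.example\tIntel::BOGUS\tconstructed-feed\t-\tT\t-\n"
)

def parse_intel(text):
    """Parse an intel file. Returns (records, errors): records are dicts keyed by the
    #fields header with meta.do_notice as a bool; errors are (line number, reason)."""
    records, errors = [], []
    fields = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#fields"):
            fields = raw.split("\t")[1:]   # header names follow the #fields token
            continue
        if not raw or raw.startswith("#"):
            continue
        if fields is None:
            errors.append((lineno, "record before #fields header"))
            continue
        cols = raw.split("\t")
        if len(cols) != len(fields):
            errors.append((lineno, "expected %d columns, got %d" % (len(fields), len(cols))))
            continue
        rec = dict(zip(fields, cols))
        if rec["indicator_type"] not in INTEL_TYPES:
            errors.append((lineno, "unknown indicator_type %s" % rec["indicator_type"]))
            continue
        rec["meta.do_notice"] = rec.get("meta.do_notice") == "T"   # "F" or "-" means no notice
        records.append(rec)
    return records, errors

def match_indicator(records, value, itype):
    """Return the record whose indicator and type match a value seen in traffic, else None."""
    for rec in records:
        if rec["indicator"] == value and rec["indicator_type"] == itype:
            return rec
    return None
```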