loghub vs mordor

| | loghub | mordor |
|---|---|---|
| Mentions | 5 | 6 |
| Stars | 1,530 | 1,551 |
| Growth | 3.0% | 0.7% |
| Activity | 5.3 | 5.6 |
| Last Commit | 5 days ago | about 2 months ago |
| Language | PowerShell | |
| License | GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
loghub
- Security+ 601 - Where to learn READING LOGS?
- SOC with machine learning
  https://github.com/logpai/loglizer has an MIT license. Seems like they've done some of the heavy lifting already. If you're just looking for logs, check out https://github.com/logpai/loghub.
- PSA: PLEASE learn data structures and algorithms. The amount of people in DevOps who can't code is too damn high!
  Here is an example apache log file: If you want to try and prove me wrong write a script to find and return line numbers which contain the string "Directory index forbidden" or some other substring which is better than O(N).
- Any dataset that could be interesting to analyze using text network analysis?
  Any text? How about Loghub? Maybe you could visualize links in error messages for failure analysis, for example does a seemingly harmless warning seem to be linked to a much worse problem that occurs later?
- Mining metrics from unstructured logs
  Here is a summary for a log from the logpai/loghub dataset (kudos to the Logpai team for sharing this dataset):
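The "PSA" post above asks for a script that returns the line numbers containing "Directory index forbidden" in better than O(N). This is an added example, not code from that thread or from loghub: one ad-hoc scan is unavoidably O(N) in the number of lines, but a log you will query repeatedly can be indexed once (that single O(N) pass) so each later phrase query touches only the posting lists for its words plus the matching lines. The sample lines are constructed in the layout of the loghub Apache error log, not real dataset content; the `LogIndex` class and its method names are this example's own.

```python
"""Index an Apache error log once, then answer phrase queries in sub-linear time."""
import re
from collections import defaultdict

# Constructed sample lines in the layout of the loghub Apache error log (not real data).
SAMPLE_LOG = """\
[Sun Dec 04 04:47:44 2005] [notice] workerEnv.init() ok /etc/httpd/conf/workers2.properties
[Sun Dec 04 04:47:44 2005] [error] mod_jk child workerEnv in error state 6
[Sun Dec 04 04:51:08 2005] [error] [client 10.0.0.1] Directory index forbidden by rule: /var/www/html/
[Sun Dec 04 04:51:09 2005] [notice] jk2_init() Found child 6725 in scoreboard slot 10
[Sun Dec 04 04:52:12 2005] [error] [client 10.0.0.2] Directory index forbidden by rule: /var/www/html/
[Sun Dec 04 04:52:15 2005] [error] [client 10.0.0.3] File does not exist: /var/www/html/robots.txt
"""

# Apache 2.0/2.2 error-log layout: [timestamp] [level] [client ip] message
LINE_RE = re.compile(
    r"^\[(?P<time>[^\]]+)\] \[(?P<level>\w+)\] (?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$"
)
TOKEN_RE = re.compile(r"\w+")


class LogIndex:
    """Inverted index: lower-cased token -> set of 1-based line numbers."""

    def __init__(self, text):
        self.lines = text.splitlines()
        self.levels = {}                      # line number -> log level, when the line parses
        self.postings = defaultdict(set)
        for lineno, line in enumerate(self.lines, start=1):   # the one O(N) pass
            m = LINE_RE.match(line)
            if m:
                self.levels[lineno] = m.group("level").lower()
            for tok in set(TOKEN_RE.findall(line.lower())):
                self.postings[tok].add(lineno)

    def find(self, phrase, level=None):
        """Line numbers whose text contains `phrase` (case-insensitive), optionally filtered by level."""
        words = TOKEN_RE.findall(phrase.lower())
        if not words:
            return []
        # Intersect posting lists, smallest first, so the candidate set shrinks quickly.
        lists = sorted((self.postings.get(w, set()) for w in words), key=len)
        candidates = set(lists[0])
        for plist in lists[1:]:
            candidates &= plist
            if not candidates:
                return []
        # Candidates share all the words; confirm the exact phrase on those few lines only.
        needle = phrase.lower()
        hits = [n for n in candidates if needle in self.lines[n - 1].lower()]
        if level is not None:
            hits = [n for n in hits if self.levels.get(n) == level.lower()]
        return sorted(hits)


if __name__ == "__main__":
    idx = LogIndex(SAMPLE_LOG)
    print(idx.find("Directory index forbidden"))               # [3, 5]
    print(idx.find("File does not exist", level="error"))      # [6]
```

Queries are word-aligned: a phrase is resolved through its word tokens and then verified by a substring check on the candidate lines, so arbitrary mid-word substrings would need a suffix array instead. Per query the cost is proportional to the posting lists touched and the number of hits, not to the file length.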
mordor
- SOC with machine learning
- What tooling/scripts/capability would your Blueteam benefit from? Add your wish to the comments 👇🏿 and it might come true.
  https://github.com/OTRF/Security-Datasets -> Any table in sentinel
- Dummy security logs to practice with team?
- Cybersecurity bootcamp
  Cloud resources (like Simuland: https://github.com/Azure/SimuLand ) might let you spin up your environment without at-home resources, but you can also learn about what attacks look like and how they work in defenses using something like the OTRF project: https://github.com/OTRF/Security-Datasets
- Simplest path to ECS-formatted winlogbeat style json file import
  To get started as easily as possible we’re looking to use data from the security datasets (formerly Mordor) project https://github.com/OTRF/Security-Datasets and converting some of this data to winlogbeat/ECS using this tool: https://github.com/barvhaim/mordor2ecs
- How to get better / homelab help
  Exactly! Either inline, or mirror your traffic via SPAN - assuming quite a lot of phones, tablets and other gear you'll definitely start spotting some not-so-hot traffic quite soon. In case you can arrange for a public IP at home, start tapping in and profile your visitors. In case you deem your homenet too boring - as mentioned - Mordor - hit your Onion with actual malicious traffic: https://github.com/OTRF/mordor
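The ECS-import post above wants Mordor (Security-Datasets) events turned into winlogbeat-style ECS JSON. The following is an added example of that conversion, not mordor2ecs's code and not part of the original post. It assumes the nxlog-style layout Mordor datasets use (envelope fields such as `Hostname`, `Channel`, `EventID`, `SourceName`, `RecordNumber`, `Message`, with the event's own fields flattened alongside them), maps them to a subset of what winlogbeat would populate, and keeps every non-envelope field verbatim under `winlog.event_data`. The two sample events, the `ENVELOPE` set, and the `PROMOTE` table are this example's assumptions.

```python
"""Convert Mordor/Security-Datasets JSON-lines events into winlogbeat-style ECS documents."""
import json

# Constructed sample events in the Mordor JSON-lines layout (not real dataset content).
MORDOR_JSONL = r"""
{"@timestamp": "2021-03-04T20:14:11.511Z", "Hostname": "WS01.example.local", "Channel": "Security", "EventID": 4688, "SourceName": "Microsoft-Windows-Security-Auditing", "RecordNumber": 45812, "EventTime": "2021-03-04 20:14:11", "Keywords": -9214364837600034816, "Message": "A new process has been created.", "SubjectUserSid": "S-1-5-21-1111111111-2222222222-3333333333-1104", "SubjectUserName": "alice", "SubjectDomainName": "EXAMPLE", "NewProcessName": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"@timestamp": "2021-03-04T20:14:11.530Z", "Hostname": "WS01.example.local", "Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 1, "SourceName": "Microsoft-Windows-Sysmon", "RecordNumber": 9921, "EventTime": "2021-03-04 20:14:11", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami", "User": "EXAMPLE\\alice", "ParentImage": "C:\\Windows\\explorer.exe", "ProcessId": 4711}
"""

# Assumed nxlog envelope fields: each has a fixed ECS/winlog home or carries no ECS meaning.
ENVELOPE = {
    "@timestamp", "@version", "host", "port", "Hostname", "Channel", "EventID", "EventTime",
    "EventType", "Keywords", "Message", "SourceName", "RecordNumber", "Severity", "SeverityValue",
    "Task", "OpcodeValue", "Version", "ProcessID", "ThreadID", "ExecutionProcessID",
    "EventReceivedTime", "SourceModuleName", "SourceModuleType",
}

# Per (channel, event id): event_data fields promoted to top-level ECS fields (assumed subset).
PROMOTE = {
    ("Security", 4688): {
        "NewProcessName": "process.executable",
        "CommandLine": "process.command_line",
        "ParentProcessName": "process.parent.executable",
        "SubjectUserName": "user.name",
        "SubjectDomainName": "user.domain",
    },
    ("Microsoft-Windows-Sysmon/Operational", 1): {
        "Image": "process.executable",
        "CommandLine": "process.command_line",
        "ParentImage": "process.parent.executable",
        "ProcessId": "process.pid",
        "User": "user.name",          # Sysmon gives "DOMAIN\user"; split below
    },
}


def set_path(doc, dotted, value):
    """Assign doc["a"]["b"]["c"] = value for dotted "a.b.c", creating nested dicts as needed."""
    *parents, leaf = dotted.split(".")
    cur = doc
    for key in parents:
        cur = cur.setdefault(key, {})
    cur[leaf] = value


def to_ecs(ev):
    """Map one Mordor event dict to a winlogbeat/ECS-shaped dict."""
    event_id = int(ev["EventID"])
    doc = {"@timestamp": ev["@timestamp"], "ecs": {"version": "1.12.0"}}
    set_path(doc, "event.kind", "event")
    set_path(doc, "event.code", str(event_id))          # winlogbeat keeps event.code as a string
    set_path(doc, "host.name", ev["Hostname"])
    set_path(doc, "winlog.computer_name", ev["Hostname"])
    set_path(doc, "winlog.channel", ev["Channel"])
    set_path(doc, "winlog.event_id", str(event_id))
    if "SourceName" in ev:
        set_path(doc, "event.provider", ev["SourceName"])
        set_path(doc, "winlog.provider_name", ev["SourceName"])
    if "RecordNumber" in ev:
        set_path(doc, "winlog.record_id", str(ev["RecordNumber"]))
    if "Message" in ev:
        doc["message"] = ev["Message"]

    # Everything outside the envelope is the event's own data; keep it verbatim.
    event_data = {k: v for k, v in ev.items() if k not in ENVELOPE}
    set_path(doc, "winlog.event_data", event_data)

    # Promote well-known fields so one ECS query covers Security and Sysmon process events.
    for src, dst in PROMOTE.get((ev["Channel"], event_id), {}).items():
        if src not in event_data:
            continue
        value = event_data[src]
        if dst == "user.name" and isinstance(value, str) and "\\" in value:
            domain, _, name = value.partition("\\")
            set_path(doc, "user.domain", domain)
            value = name
        set_path(doc, dst, value)
    return doc


def convert_lines(text):
    """Parse Mordor JSON lines and return the converted ECS documents in input order."""
    return [to_ecs(json.loads(line)) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for doc in convert_lines(MORDOR_JSONL):
        print(json.dumps(doc))      # winlogbeat-style JSON lines, ready for a bulk import
```

Unknown event IDs still convert: they get the envelope mapping plus a complete `winlog.event_data`, and only the promotion step is skipped, so nothing from the source event is lost when the `PROMOTE` table has no entry for it.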
What are some alternatives?
coroot-aws-agent - A prometheus exporter that gathers metrics from AWS services.
HELK - The Hunting ELK
ecs-mapper - Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash
scrapydweb - Web app for Scrapyd cluster management, Scrapy log analysis & visualization, Auto packaging, Timer tasks, Monitor & Alert, and Mobile UI. DEMO
loglizer - A machine learning toolkit for log-based anomaly detection [ISSRE'16]
logparser - A machine learning toolkit for log parsing [ICSE'19, DSN'16]
mordor2ecs - Windows log to ECS format for Mordor large dataset
coroot-node-agent - A Prometheus exporter based on eBPF that gathers comprehensive container metrics
logparser - A library and a CLI tool for clustering unstructured logs.