
Anotace datasetu c. 1 (2016-01-01 - 2016-01-31)

> db.mentatData.stats()
{
    "ns" : "wardenTest.mentatData",
    "count" : 10797000,
    "size" : 19736518595,
    "avgObjSize" : 1827,
    "storageSize" : 6430973952,
    "capped" : false,
    "wiredTiger" : {
        "metadata" : {
            "formatVersion" : 1
        },

Category

db.mentatData.aggregate([{$group: {_id: "$Category", count: {$sum: 1}}}, {$sort: {count: -1}}], {allowDiskUse:true})
Nazev Pocet
Recon.Scanning 10 503 486
Attempt.Login 208 969
Availability.DoS 34 760
Malware 24 411
Intrusion.Botnet 23 043
Attempt.Exploit 14 413
Availability.DDoS 6 054
Vulnerable.Config 4 770
Abusive.Spam 1 500
Anomaly.Traffic 3
Vulnerable 2
Celkem 10 821 411 (součet přes kategorie; převyšuje celkový počet dokumentů v kolekci 10 797 000, viz "count" výše)

Node.Name

 db.mentatData.aggregate([{$group: {_id: "$Node.Name", count: {$sum: 1}}}, {$sort: {count: -1}}], {allowDiskUse:true})
Nazev Pocet
cz.cesnet.au1.warden_filer 8 208 920
cz.cesnet.hoststats 1 472 158
cz.cesnet.nemea.hoststats 731 808
cz.vutbr.hpscan 259 743
cz.vsb.kippo 69 271
cz.tul.ward.dionaea 12 569
cz.nic.dionaea2 8 535
cz.nic.dionaea1 6 963
cz.uhk.apate.cowrie 6 285
cz.cesnet.nemea.amplificationdetector 6 054
cz.uhk.apate.dionaea 4 067
cz.cesnet.kryten.dionaea 3 568
cz.nic.kippo 2 474
cz.cesnet.holly.kippo 1 573
cz.tul.ward.kippo 1 520
cz.cesnet.syslog.warden_filer 1 492
Celkem 10 797 000

IPv4 vs. IPv6

db.mentatData.find({"Source.IP4":{"$exists":true}}).count()
db.mentatData.find({"Target.IP4":{"$exists":true}}).count()
db.mentatData.find({"Source.IP6":{"$exists":true}}).count()
db.mentatData.find({"Target.IP6":{"$exists":true}}).count()
db.mentatData.find({"$or":[{"Source.IP4":{"$exists":true}},{"Target.IP4":{"$exists":true}}]}).count()
db.mentatData.find({"$and":[{"Source.IP4":{"$exists":true}},{"Target.IP4":{"$exists":true}}]}).count()
db.mentatData.find({"$or":[{"Source.IP6":{"$exists":true}},{"Target.IP6":{"$exists":true}}]}).count()
db.mentatData.find({"$and":[{"Source.IP6":{"$exists":true}},{"Target.IP6":{"$exists":true}}]}).count()
Nazev Pocet
"Source.IP4":{"$exists":true} 10 682 215
"Target.IP4":{"$exists":true} 8 701 383
"Source.IP6":{"$exists":true} 133
"Target.IP6":{"$exists":true} 18
"Source.IP4":{"$exists":true} OR "Target.IP4":{"$exists":true} 10 796 849
"Source.IP4":{"$exists":true} AND "Target.IP4":{"$exists":true} 8 586 749
"Source.IP6":{"$exists":true} OR "Target.IP6":{"$exists":true} 151
"Source.IP6":{"$exists":true} AND "Target.IP6":{"$exists":true} 0

Source.IP4.ip

db.mentatData.aggregate([{$group: {_id: "$Source.IP4.ip", count: {$sum: 1}}}, {$sort: {count: -1}}], {allowDiskUse:true})
Nazev Pocet
uSgETQ== 599045
uSgEvQ== 297617
REGQog== 126309
null 112605
WfirpQ== 91740
UcbWXg== 83785
l/0lzg== 78515
XD6lZA== 74913
Ua6C5g== 66620
WCheCg== 57728
Xa5dtQ== 56837
o6wNrQ== 53827
uSgEuw== 44551
RwaHgw== 42972
UFJOCA== 41375
Rwanjg== 41115
QvDAig== 41076
QvDsdw== 40839
RwalyA== 40141
uYIF5g== 40043
M/5+Wg== 39780
yH9Lyg== 39233
JlmLNA== 37434
T4+6EQ== 36539
W+xLBA== 33031
M/7VgA== 30119
WPdmlQ== 30075
VRkrXg== 29217
sUjeCA== 28777
2PMfAg== 25965
ul07ig== 25290
YAoYng== 23445
0GQa5w== 21761
0GQa6A== 21681
0GQa5Q== 21619
S5Vw+Q== 21432
0GQa5g== 21037
qeUDWw== 20909
aNvuCg== 20877
x3N1dg== 20138
Wfinmw== 20028
Pttbmg== 20006
QvDbkg== 19812
U9xyRg== 19658
Rwaepg== 18440
Xa5dfg== 17096
rSBrPg== 16523
XNNMFw== 15551
xhRjgg== 15015
Ut1pBg== 14943
YBIz0Q== 14911
Ut1pBw== 14373
vIoRzQ== 13508
vIoB2g== 13341
uYIF2A== 13146
w9Oasw== 13102
xhRXYg== 12762
uSbWYw== 12747
ovQjFg== 12478
BcQftQ== 12450
wWgpzg== 12337
M/5exg== 12234
UFJOBg== 12010
ot65pQ== 11953
uYIF9g== 11489
QnP6XQ== 11438
UFJBeA== 11342
LqEoeA== 11088
krnvZg== 10518
Mko9rg== 9953
X0EisQ== 9536
uSM+Cw== 9216
sGcwJg== 9207
gOhuHA== 9096
LonXIA== 9045
qD7umQ== 8835
Mhdg0g== 8485
xhRGcg== 8389
PtKdtQ== 8307
M/7Vlw== 8176
1FO2Zw== 8167
uWpcdg== 8165
UFJPaA== 8064
Wfisnw== 7853
WfisyQ== 7832
Wfiipw== 7459
jdR6cA== 7429
XNNHgQ== 7421
bWkzOw== 7415
OtrNUw== 7382
JmfR/g== 7332
jdR6UQ== 7331
Wfisbg== 7278
uYIF5w== 7272
Vxk+xQ== 7258
XmYwww== 7202
Xa5d2g== 7141
uV5vAQ== 7133
u6DvTA== 7003
uYIFHQ== 6881
wU22QA== 6731

Target.IP4.ip

db.mentatData.aggregate([{$group: {_id: "$Target.IP4.ip", count: {$sum: 1}}}, {$sort: {count: -1}}], {allowDiskUse:true})
Nazev Pocet
null 2064582
w3H8sQ== 741337
w3H8IQ== 665208
w3H8MQ== 653992
w3H8oQ== 650502
nsQAAA== 69271
k+VoAA== 49465
31035
w3H+AQ== 21347
w3H9AQ== 20875
w3H/AQ== 20782
2R/AAA== 17972
ToD+AQ== 15119
ToD9AQ== 14946
ToD/AQ== 14674
zF9jwQ== 10901
w3GlgA== 10352
w3H8LQ== 5440
w3EAAA== 5141
ToD80Q== 4838
ToD8Pw== 4745
ToD8mw== 4662
ToD9DA== 4635
zF9j8w== 4154
w3H8QA== 3752
w3H8Xg== 3722
zF9jbQ== 3663
ToD8Iw== 3628
w3H8Wg== 3600
w3H8CQ== 3558
w3H+Nw== 3551
w3H8ZQ== 3536
w3H8Lw== 3506
ToD9TQ== 3506
w3H8UQ== 3495
w3H8OQ== 3476
w3H8Ow== 3467
w3H8WA== 3465
w3H8Uw== 3463
w3H+ag== 3457
ToD8eQ== 3440
w3H8VQ== 3433
w3H8Ew== 3423
w3H8Nw== 3412
w3H8aQ== 3406
w3H9Cw== 3403
w3H+hg== 3401
w3H8ew== 3385
w3H8Ug== 3383
w3H8bQ== 3377
w3H8RQ== 3369
w3H8YQ== 3369
w3H8dw== 3364
w3H9Eg== 3363
w3H8Bw== 3362
w3H8GQ== 3351
w3H8Dw== 3350
w3H9AA== 3349
w3H9NQ== 3347
w3H8Cw== 3347
w3H8DQ== 3339
w3H8TQ== 3337
w3H8eQ== 3334
w3H+kg== 3324
w3H9QQ== 3321
ToD8kw== 3318
w3H8Aw== 3315
w3H+4Q== 3315
w3H9CQ== 3309
ToD9oQ== 3303
w3H8FQ== 3301
w3H9Qw== 3300
w3H8LA== 3292
w3H+Kw== 3290
w3H8cQ== 3285
w3H/GQ== 3285
w3H8fw== 3280
w3H9BQ== 3279
w3H8Gw== 3278
w3H8HQ== 3275
w3H8QQ== 3275
w3H8NQ== 3274
w3H8JQ== 3272
w3H9Ww== 3271
w3H8KQ== 3268
w3H9Xw== 3265
w3H8Hw== 3265
w3H8XQ== 3264
w3H8dQ== 3264
w3H8Xw== 3262
w3H8bw== 3259
w3H8Tw== 3256
w3H8Ig== 3248
w3H9Sw== 3243
w3H9UA== 3237
w3H9eQ== 3237
w3H/HA== 3236
w3H8IA== 3234
w3H8Tg== 3233
w3H8Kw== 3232

Events per day (DetectTime)

$ events_per_day.sh
Nazev Pocet
2015-12-01 0
2015-12-02 0
2015-12-03 0
2015-12-04 0
2015-12-05 0
2015-12-06 0
2015-12-07 0
2015-12-08 0
2015-12-09 0
2015-12-10 0
2015-12-11 0
2015-12-12 0
2015-12-13 0
2015-12-14 0
2015-12-15 0
2015-12-16 0
2015-12-17 0
2015-12-18 0
2015-12-19 0
2015-12-20 0
2015-12-21 0
2015-12-22 0
2015-12-23 166
2015-12-24 0
2015-12-25 0
2015-12-26 162
2015-12-27 197
2015-12-28 1 209
2015-12-29 154
2015-12-30 315
2015-12-31 341
2015-12-31 341
2016-01-01 1 526
2016-01-02 1 900
2016-01-03 2 899
2016-01-04 2 551
2016-01-05 1 696
2016-01-06 1 986
2016-01-07 1 662
2016-01-08 2 258
2016-01-09 1 873
2016-01-10 1 252
2016-01-11 2 931
2016-01-12 1 166
2016-01-13 991
2016-01-14 801 065
2016-01-15 1 152 287
2016-01-16 975 778
2016-01-17 999 507
2016-01-18 1 007 736
2016-01-19 1 049 590
2016-01-20 1 126 447
2016-01-21 1 052 884
2016-01-22 947 719
2016-01-23 949 422
2016-01-24 707 330
2016-01-25 0
2016-01-26 0
2016-01-27 0
2016-01-28 0
2016-01-29 0
2016-01-30 0
2016-01-31 0

Source.Port

db.mentatData.aggregate([{$group: {_id: "$Source.Port", count: {$sum: 1}}}, {$sort: {count: -1}}], {allowDiskUse:true})

Target.Port

db.mentatData.aggregate([{$group: {_id: "$Target.Port", count: {$sum: 1}}}, {$sort: {count: -1}}], {allowDiskUse:true})