
Mapping events to real incidents

CSIRT-MU

Example of mapping events by type, using real data from RT, CSIRT-MU. So far it follows an already outdated specification of the database structure (TODO - Suki: update according to the new DB structure).

Event ID | event source (host) | event source (service) | detection timestamp | receipt timestamp | event type | attack target type (proto/port) | attack source (IP, URL, ...) | priority | attack magnitude | timeout | note
int(16) uns. | varchar(256) | varchar(64) | timestamp | timestamp | enum | varchar(16) + int(2) | varchar(256) | int(1) | int(4) | timestamp | text
1234 | | ScanReport | 2011-09-07 08:23:55.710 | 2011-09-07 08:27:06.362 | portscan | TCP:445 | 147.251.123.456 | high | 19434 | 2011-09-08 08:27:06.362 | null
987654 | | Honeyscan | 2011-06-19 21:08:39.292 | 2011-06-19 21:10:26.834 | darkspace | TCP:445 | 147.251.321.654 | high | 5831 | 2011-06-20 21:08:39.292 | null
68195 | nfsen-devel.ics.muni.cz | BruteForceDetector | 2011-09-07 12:31:18.031 | 2011-09-07 13:37:41.974 | bruteforce | TCP:22 | 64.31.60.73 | high | 590 | 2011-09-08 13:37:40 | null
8643 | null | CNdet | 2011-05-20 15:33:52 | 2011-05-20 16:49:15 | botnet_c_c | null:null | http://46.182.19.151:2700/pwn/scan-chuck.sh http://46.182.19.151:2700/pwn/syslgd | high | null | 2011-06-20 15:33:52 | Chuck Norris botnet c&c. More information at http://www.muni.cz/ics/research/projects/4622/web/chuck_norris_botnet?lang=en
986 | | RT | 2011-08-20 14:21:53 | 2011-08-21 09:19:30 | spam | null:null | 198.155.155.254 | low | null | 2011-08-27 14:21:53 | text of the spam e-mail
98645 | | RT | 2011-09-01 03:54:13 | 2011-09-01 08:43:26 | phishing | null:null | http://buzurl.com/at96 | high | null | 2011-09-31 03:54:13 | text of the phishing e-mail
561 | | RT | 2011-09-19 21:36:05 | 2011-09-19 21:36:07 | copyright | null:null | 147.251.208.170 | low | null | 2011-09-19 22:36:05 | details of the shared work? bit length, checksum, name
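As an added example (not part of the original page or of the CSIRT-MU tooling), the following Python script recreates the mapping table above in an in-memory SQLite database, loads the sample rows as they appear on the page, and runs the sanity checks an ingestion step would want before an event becomes an incident: every timestamp must parse, the target must be proto:port, and each attack source must be an IP address or a URL. The column names, the CHECK list of event types and the 'high'/'low' priority placeholders are assumptions drawn from the table; SQLite has no ENUM or unsigned integer, so plain types stand in.

```python
import sqlite3
import ipaddress
from datetime import datetime
from urllib.parse import urlsplit

# Column layout transcribed from the page's table (types are SQLite stand-ins; assumption).
SCHEMA = """
CREATE TABLE event (
    id           INTEGER PRIMARY KEY,   -- int(16) unsigned
    src_host     TEXT,                  -- varchar(256), event source (host)
    src_service  TEXT,                  -- varchar(64), event source (service)
    ts_detected  TEXT NOT NULL,         -- detection timestamp
    ts_received  TEXT NOT NULL,         -- receipt timestamp
    event_type   TEXT NOT NULL CHECK (event_type IN
                   ('portscan','darkspace','bruteforce','botnet_c_c',
                    'spam','phishing','copyright')),   -- enum values seen on the page
    target       TEXT,                  -- proto:port, e.g. TCP:445
    attack_src   TEXT,                  -- IP address or URL(s), space separated
    priority     TEXT,                  -- 'high'/'low' placeholders from the page
    magnitude    INTEGER,               -- int(4), attack magnitude
    timeout      TEXT,                  -- timestamp after which the event expires
    note         TEXT
);
"""

# Sample rows copied from the page's mapping table (None = null or empty cell).
ROWS = [
    (1234, None, "ScanReport", "2011-09-07 08:23:55.710", "2011-09-07 08:27:06.362",
     "portscan", "TCP:445", "147.251.123.456", "high", 19434, "2011-09-08 08:27:06.362", None),
    (987654, None, "Honeyscan", "2011-06-19 21:08:39.292", "2011-06-19 21:10:26.834",
     "darkspace", "TCP:445", "147.251.321.654", "high", 5831, "2011-06-20 21:08:39.292", None),
    (68195, "nfsen-devel.ics.muni.cz", "BruteForceDetector", "2011-09-07 12:31:18.031",
     "2011-09-07 13:37:41.974", "bruteforce", "TCP:22", "64.31.60.73", "high", 590,
     "2011-09-08 13:37:40", None),
    (8643, None, "CNdet", "2011-05-20 15:33:52", "2011-05-20 16:49:15", "botnet_c_c",
     "null:null", "http://46.182.19.151:2700/pwn/scan-chuck.sh http://46.182.19.151:2700/pwn/syslgd",
     "high", None, "2011-06-20 15:33:52", "Chuck Norris botnet c&c."),
    (986, None, "RT", "2011-08-20 14:21:53", "2011-08-21 09:19:30", "spam", "null:null",
     "198.155.155.254", "low", None, "2011-08-27 14:21:53", "text of the spam e-mail"),
    (98645, None, "RT", "2011-09-01 03:54:13", "2011-09-01 08:43:26", "phishing", "null:null",
     "http://buzurl.com/at96", "high", None, "2011-09-31 03:54:13", "text of the phishing e-mail"),
    (561, None, "RT", "2011-09-19 21:36:05", "2011-09-19 21:36:07", "copyright", "null:null",
     "147.251.208.170", "low", None, "2011-09-19 22:36:05", "details of the shared work"),
]


def load_events():
    """Create the table in an in-memory SQLite database and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO event VALUES (?,?,?,?,?,?,?,?,?,?,?,?)", ROWS)
    conn.commit()
    return conn


def parse_ts(value):
    """Accept the two timestamp shapes used on the page (with and without fraction)."""
    for fmt in ("%Y-%m-%d %H:%M:%S.%f", "%Y-%m-%d %H:%M:%S"):
        try:
            return datetime.strptime(value, fmt)
        except ValueError:
            pass
    raise ValueError(f"bad timestamp: {value!r}")


def source_ok(token):
    """An attack source token is valid if it is an IP address or an http(s) URL with a host."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        pass
    parts = urlsplit(token)
    return parts.scheme in ("http", "https") and bool(parts.hostname)


def target_ok(target):
    """Target is 'null:null' (no network target) or PROTO:port with a sane port number."""
    if target is None or target == "null:null":
        return True
    proto, _, port = target.partition(":")
    return proto.upper() in ("TCP", "UDP", "ICMP") and port.isdigit() and 0 <= int(port) <= 65535


def validate_row(row):
    """Return the list of problems found in one event row (empty list means clean)."""
    eid, _h, _s, ts_det, ts_rcv, _t, target, attack_src, _p, _m, timeout, _n = row
    problems = []
    for label, ts in (("ts_detected", ts_det), ("ts_received", ts_rcv), ("timeout", timeout)):
        try:
            if ts is not None:
                parse_ts(ts)
        except ValueError:
            problems.append(f"{label}: unparseable {ts!r}")
    if not target_ok(target):
        problems.append(f"target: malformed {target!r}")
    for token in (attack_src or "").split():
        if not source_ok(token):
            problems.append(f"attack_src: neither IP nor URL {token!r}")
    return problems


def validate_all(conn):
    """Map event id -> problems for every stored row that fails a check."""
    findings = {}
    for row in conn.execute("SELECT * FROM event ORDER BY id"):
        problems = validate_row(row)
        if problems:
            findings[row[0]] = problems
    return findings


def expired_events(conn, now):
    """IDs of events whose timeout lies before `now` (ISO-style strings compare lexically)."""
    return [r[0] for r in conn.execute(
        "SELECT id FROM event WHERE timeout < ? ORDER BY id", (now,))]


if __name__ == "__main__":
    conn = load_events()
    for eid, probs in validate_all(conn).items():
        print(eid, probs)
    print("expired as of 2011-09-08:", expired_events(conn, "2011-09-08 00:00:00"))
```

Run against the page's own rows, the checks flag three of them: the two portscan/darkspace sources whose last octets exceed 255, and the phishing event whose timeout falls on a non-existent 31 September. That is the kind of defect a schema with varchar and text columns will silently accept, which is why validation belongs in the mapping step rather than in the database.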