Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Creation of EDLs from IoT Domain files generated by honeypot team - MineMeld #28

Open
punisherVX opened this issue Jun 25, 2018 · 0 comments
Open

Creation of EDLs from IoT Domain files generated by honeypot team - MineMeld #28

punisherVX opened this issue Jun 25, 2018 · 0 comments
Assignees
@punisherVX
Labels
customer request enhancement New feature or request help wanted Extra attention is needed sfn

Comments

@punisherVX
Copy link
Contributor

punisherVX commented Jun 25, 2018
edited
Loading

After completion of #27, determine effort (and complete if possible) the ability to use MineMeld for automated generation of IoT EDL and upload for use.

Ticket #28: IoT Safe Networking Processing -- Domains

We need to add to SN the ability to identify IoT C2 activity via DNS that we have learned from our Honeypots.

High level requirements include

  • creation of EDLs from IoT Domain files generated by honeypot team. First instance of this could be manual but long term could include Minemeld work to keep the EDL updated
  • identity the EDL event from the FW vs. the Threat events from DNS db or WF as these events will need special processing
  • storing of the malware family and associated domains in the SN database. This will need to be created from the text files created from the Honeypot team today. Sample file here:
    https://paloaltonetworks.box.com/s/halb8utfbtm8k319lvc6bn6xred44hni
  • creation of new reports to showcase IoT activity
@punisherVX punisherVX added customer request enhancement New feature or request help wanted Extra attention is needed labels Jun 25, 2018
@punisherVX punisherVX added the sfn label Oct 28, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@punisherVX punisherVX

Labels
customer request enhancement New feature or request help wanted Extra attention is needed sfn
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@punisherVX