I implemented a new report today, the “Daily Trends” report. It summarizes noteworthy data received from our honeypot. As with everything, it will improve if you provide feedback 🙂
There are two ways to receive the report:
- E-Mail: Sign up at https://isc.sans.edu/notify.html
- JSON/HTTP: You may also just download the raw JSON data for the report at https://isc.sans.edu/feeds/trends.json
The sections of the report:
- Top 10 newly registered domains, based on our domain score (the higher, the more suspect)
- Top 10 URLs: The top 10 newly seen URLs from our web honeypot.
- Top 10 New SSH/Telnet usernames: Usernames our Cowrie honeypots have not seen before.
- Top 10 Trending ports
The layout will be refined for sure. Let me know I the data is useful.
Can’t receive the email? E-mail delivery has always been an issue, which is why we offer the HTML report as well.
—
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
