ISC Feature of the Week: Webhoneypot: Web Server Log Project
Overview
We recently updated the webhoneypot pages at https://isc.sans.edu/webhoneypot/index.html and added some API functions at https://isc.sans.edu/api/. The Webhoneypot project is a collection of logs submitted by users from various honeypots.
Features
The right column navigation is always present and has links to:
- Webhoneypot home page
- RFI Attacks - List of URLs matching RFI regular expressions
- Filter Reports - search our reports for matches to particular header properties
- Reports List - Explained in detail below
Web Application Logs - https://isc.sans.edu/webhoneypot/index.html#logs
- Explains how to sign up and participate as well as requirements to submit logs.
- Link to ISC/DShield API where we have added functions for the webhoneypot
Results - https://isc.sans.edu/webhoneypot/index.html#results
Reports - https://isc.sans.edu/webhoneypot/index.html#reports
- Links to available reporting at https://isc.sans.edu/webhoneypot/reports.html
- Overall Report Volume - Total reports, submitters and average per submitter sorted by date
- Attacks By Type - Regular expressions determine the types of attacks. The page lists two tables: one with the top 30 attacks for the last month, the other with the top attacks for the last 24 hrs.
- Top Unclassified - List of URLs not recognized by regular expressions.
- Unique URLs - Distinct URLs per day with date selection form.
- Headers - Unique headers per day with link to details page. Also has date selection form.
Report Volume - https://isc.sans.edu/webhoneypot/index.html#volume
- Summarizes the report volume received over the last 10 days.
Top Attacks - https://isc.sans.edu/webhoneypot/index.html#attacks
- We try to classify attacks based on regular expression matches. This system was created by SANS Technology Institute (STI) Master of Science graduate Eric Conrad as part of his software security requirement. Not all "hits" to a honeypot can easily be identified as "attacks", and some may actually just be benign.
Top Attack Groups - https://isc.sans.edu/webhoneypot/index.html#groups
- Grouped top attacks found by regular expressions for the current day
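The regex-based classification behind the Attacks By Type, Top Unclassified and Top Attacks reports can be sketched as follows. This is an added example, not the project's code: the three signatures, the labels and the sample requests are constructed for illustration, since the project's actual expressions are not shown on this page.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Hypothetical signatures (assumption): first match wins, so order matters.
SIGNATURES = [
    ("rfi", re.compile(r"[?&][^=&]+=(?:https?|ftp)://", re.I)),
    ("path_traversal", re.compile(r"(?:\.\./){2,}|/etc/passwd", re.I)),
    ("sqli", re.compile(r"\bunion\b.+\bselect\b|'\s*or\s+1=1", re.I)),
]

def classify(url):
    """Return the label of the first matching signature, or 'unclassified'."""
    decoded = unquote(url)  # decode %xx once so encoded requests still match
    for label, pattern in SIGNATURES:
        if pattern.search(decoded):
            return label
    return "unclassified"

def summarize(urls):
    """Count hits per attack type and tally the URLs no signature recognized."""
    by_type = Counter()
    unclassified = Counter()
    for url in urls:
        label = classify(url)
        by_type[label] += 1
        if label == "unclassified":
            unclassified[url] += 1
    return by_type, unclassified

# Constructed sample requests (not real honeypot submissions).
SAMPLE = [
    "/index.php?page=http://example.invalid/inc.txt?",
    "/index.php?page=http%3A%2F%2Fexample.invalid%2Finc.txt",
    "/view.php?file=../../../../etc/passwd",
    "/item.php?id=1%20UNION%20SELECT%201,2,3",
    "/robots.txt",
    "/robots.txt",
    "/favicon.ico",
]

if __name__ == "__main__":
    by_type, unclassified = summarize(SAMPLE)
    print("Attacks by type:", by_type.most_common())
    print("Top unclassified:", unclassified.most_common(30))
```

A match is a hint rather than a verdict: a legitimate redirect such as /login?next=https://example.invalid/home also matches the constructed rfi pattern, which is the kind of benign hit the Top Attacks description warns about.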
Please consider running a honeypot yourself, and expect to see more about this project and additional APIs in the future!
Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form
--
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center https://isc.sans.edu