Introducing Acapulco: Building Clustered Parallel Coordinates Graphs from HPFeeds data

20 Aug 2012 Hugo Gascon clustering dbscan hpfeeds kmeans parallel-coordinates splunk
…and the summer is over. During the last three months I have tried to make sense of the highly unstructured data set that comes from merging the data streams of several hpfeeds channels. I have had to learn the inner workings of Splunk, its SDKs and the D3.js graphic library, and explore different machine learning frameworks and clustering algorithms. Today I am presenting the first release of Acapulco, a tool to find and display clusters of meta-events built from different types of hpfeeds events within a parallel graph, one of the best ways to represent multidimensional security data in a single visualization.

Glastopf v3 released

02 May 2012 Lukas Rist botnet-monitoring glastopf google-summer-of-code gsoc hpfeeds release sandbox web-server-botnet
We were glad to announce yet another tool during our annual workshop in San Francisco. Glaspot is the third version of the web application honeypot Glastopf and it comes with some very powerful new features:

- A built-in PHP sandbox for code injection emulation, allowing us to bring vulnerability emulation to a new level
- Hooked up to the HPFeeds generic data feed system for centralized data collection and tight integration into our sandbox and web server botnet monitoring system
- Modular implementation: turn your web application into a honeypot with a few easy steps
- Runs in its own lightweight Python server or as a WSGI module in common web server environments
- Automated attack surface generation and expansion

In the next three months we are working on even more exciting new features and a much stronger integration into our web threat analysis platform.