Acapulco (Attack Community grAPh COnstruction) Logo

Acapulco (Attack Community grAPh COnstruction)

0
Free
Visit Website

The Honeynet Project Acapulco app bundles a Splunk application that can be deployed on a central server to automatically generate meta-events from several hpfeeds channels. This events are clustered using DBSCAN or K-means algorithms and displayed at an external client using parallel coordinates graphs based on the D3.js visualization library. License: The Acapulco Project software is licensed under the GNU GPL license. Installation: You can install the Acapulco Splunk app and the visualization client in a few simple steps. Once you have downloaded the bundle, you can follow the usual Splunk instructions for installing a new application. Just unzip the file in your splunk/etc/apps directory and start Splunk to configure it. Once the application is correctly configured and hpfeeds has done its magic, you will be able to create a new file containing all meta-events from hpfeeds log files. In order to do this, just execute the runner.py script with the logging file as input parameter. Two new files for meta-events will be created, one with plain features and a second one where the values of the features are clustered. These new events will provide valuable insights for cybersecurity professionals.

FEATURES

ALTERNATIVES

A collection of YARA rules for research and hunting purposes.

InSights by InQuest is a threat intelligence platform that delivers curated feeds of IOCs and C2 information to help security teams detect and respond to emerging threats.

A community-driven list of sample security analytics for auditing cloud usage and detecting threats in Google Cloud.

Provides advanced external threat intelligence to help organizations proactively identify and mitigate potential security threats.

Advanced threat prevention and detection platform leveraging Deep CDR, Multiscanning, and Sandbox technologies to protect against data breaches and ransom attacks.

Cortex is a tool for analyzing observables at scale and automating threat intelligence, digital forensics, and incident response.

Maldatabase is a threat intelligence platform providing malware datasets and threat intelligence feeds for malware data science and threat intelligence.

Open Source Threat Intelligence Collector with plugin-oriented framework.

PINNED