
Acapulco (Attack Community grAPh COnstruction)


The Honeynet Project Acapulco app bundles a Splunk application that can be deployed on a central server to automatically generate meta-events from several hpfeeds channels. These events are clustered using the DBSCAN or K-means algorithms and displayed in an external client as parallel coordinates graphs built on the D3.js visualization library.

License: The Acapulco Project software is licensed under the GNU GPL.

Installation: You can install the Acapulco Splunk app and the visualization client in a few simple steps. Once you have downloaded the bundle, follow the usual Splunk instructions for installing a new application: unzip the file into your splunk/etc/apps directory and start Splunk to configure it. Once the application is correctly configured and hpfeeds is delivering data, you can create a new file containing all meta-events derived from the hpfeeds log files. To do this, run the runner.py script with the log file as its input parameter. Two new meta-event files are created: one with the plain feature values and a second in which the feature values are clustered. These new events provide valuable insight for cybersecurity professionals.

FEATURES

ALTERNATIVES

An Open Source solution for management of Threat Intelligence at scale, integrating multiple analyzers and malware analysis tools.

Parse IOCs from text

Deception based detection techniques with MITRE ATT&CK mapping and Honey Resources.

A repository of freely usable Yara rules for detection systems, with automated error detection workflows.

A comprehensive list of IP addresses for cybersecurity purposes, including threat intelligence, incident response, and security research.

A sophisticated npm attack attributed to North Korean threat actors, targeting technology firms and their employees.

Pulsedive is a threat intelligence platform that provides frictionless threat intelligence for growing teams, offering features such as indicator enrichment, threat research, and API integration.

A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.