Acapulco (Attack Community grAPh COnstruction)
Acapulco (Attack Community grAPh COnstruction) is a Splunk application developed by The Honeynet Project that processes honeypot data from hpfeeds channels to generate meta-events for security analysis. The application automatically collects data from multiple hpfeeds channels and creates clustered meta-events using DBSCAN or K-means algorithms. These processed events are then visualized through parallel coordinates graphs built with the D3.js visualization library, providing an external client interface for data analysis. The tool includes a runner.py script that processes hpfeeds log files to create two types of meta-event files: one containing plain features and another with clustered feature values. This clustering approach helps identify patterns and relationships within honeypot data. Installation involves deploying the Splunk application bundle to a central server by extracting it to the splunk/etc/apps directory. Once configured with hpfeeds integration, the application can process honeypot logs and generate the visualization data for security analysis purposes. The software is distributed under the GNU GPL license and is designed to provide insights for cybersecurity professionals analyzing attack patterns and honeypot interactions.
FEATURES
SIMILAR TOOLS
RedEye is a visual analytic tool that provides enhanced situational awareness and operational insights for both Red and Blue Team cybersecurity operations.
Incident response and case management solution for efficient incident response and management.
RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.
Cortex XSOAR is a comprehensive SOAR platform that automates and standardizes security processes for faster response times and increased team productivity.
StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.
A community repository of workflow templates for the Ayehu NG platform that enables automated IT and business process execution.
Catalyst is a SOAR system that automates alert handling and incident response processes, adapting to your workflows and being open source.
Open-source security automation platform for automating security alerts and building AI-assisted workflows.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.