Cowralyze Logo

Cowralyze

0
Free
Visit Website

This project is about a Command Line Map-Reduce tool to analyze cowrie log files on remote servers / local folders over time and create a visualization and statistics of the data. The tool uses multiple log files <cowrie.json.YYYY-MM-DD> to create a cummulated information file and visualization from local or remote folder path, finally creating statistics about all the event changes over time. python3 cowralyze.py --help # shows available commands and a description for each command Furthermore there's the possibility to trace commands by session id or ip, as well as creating Sankey Command Chain Plots for specific log files. Motivation: This project was created in course of my Bachelor's Thesis: Longitudinal Analysis of SSH Honeypots. While a large number of honeypot related tools exist, they generally focus on high-level aggregated statistics and not about individual log anomalies. The aim of this project is to provide a tool to get a quick overview of the changes over time of possibly hundred's of cowrie honeypots. The stats.html provides the accumulated percentual changes over time, result.html provides the visualization across the no

FEATURES

ALTERNATIVES

A compliant audit log tool that provides a searchable, exportable record of read/write events.

Free

A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.

Free

AlienVault OSSIM provides an all-in-one security management solution with asset discovery, vulnerability assessment, and SIEM capabilities.

Free

A service that analyzes and visualizes security data to investigate potential security issues.

Free

Security-Guard helps secure microservices and serverless containers by detecting and blocking exploits.

Free

Sysmon for Linux is a tool that monitors and logs system activity with advanced filtering to identify malicious activity.

Free

Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.

Commercial

A toolset for collecting and processing netflow/ipfix and sflow data from netflow/sflow compatible devices.

Free

PINNED