Cowralyze Logo

Cowralyze

0
Free
Visit Website

This project is about a Command Line Map-Reduce tool to analyze cowrie log files on remote servers / local folders over time and create a visualization and statistics of the data. The tool uses multiple log files <cowrie.json.YYYY-MM-DD> to create a cummulated information file and visualization from local or remote folder path, finally creating statistics about all the event changes over time. python3 cowralyze.py --help # shows available commands and a description for each command Furthermore there's the possibility to trace commands by session id or ip, as well as creating Sankey Command Chain Plots for specific log files. Motivation: This project was created in course of my Bachelor's Thesis: Longitudinal Analysis of SSH Honeypots. While a large number of honeypot related tools exist, they generally focus on high-level aggregated statistics and not about individual log anomalies. The aim of this project is to provide a tool to get a quick overview of the changes over time of possibly hundred's of cowrie honeypots. The stats.html provides the accumulated percentual changes over time, result.html provides the visualization across the no

FEATURES

ALTERNATIVES

AlienVault OSSIM provides an all-in-one security management solution with asset discovery, vulnerability assessment, and SIEM capabilities.

Free

HoneyView is a tool for analyzing honeyd logfiles graphically and textually.

Free

Apache Metron is a centralized tool for security monitoring and analysis that integrates various open-source big data technologies.

Free

A security information and event management solution that collects, normalizes, and analyzes log data from across an organization's infrastructure to enhance threat detection and compliance reporting.

Commercial

Tool for deleting logs on Linux/Windows servers.

Free

Track user activity and API usage on AWS and in hybrid and multicloud environments.

Free

Security-Guard helps secure microservices and serverless containers by detecting and blocking exploits.

Free

Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.

Free

PINNED