Argus-info Digest, Vol 60, Issue 5

CS Lee geek00l at gmail.com
Thu Aug 5 20:34:14 EDT 2010


Hi modversion,

You can consider Splunk; it's not a native frontend for argus, but you can
throw argus data into it. Additionally you get your argus data correlated
with other data (say syslog or IDS) and so forth, and with the lookup function
you can do blacklist/whitelist stuff. For reactive blocking you can trigger
the script to block any blacklisted IP.

Cheers



> Today's Topics:
>
>   1. Re:  which is the best front web interface for me ? (modversion)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 5 Aug 2010 09:16:13 +0800
> From: "modversion" <modversion at gmail.com>
> Subject: Re: [ARGUS] which is the best front web interface for me ?
> To: "'Carter Bullard'" <carter at qosient.com>
> Cc: argus-info at lists.andrew.cmu.edu
> Message-ID: <003601cb343b$cde19920$69a4cb60$@gmail.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Thank you Carter, I will try to do something with Periscope, but could you
> tell me where I can find the commercial web interface for argus?
>
> If we can not find a suitable web interface, we will do it by ourselves for
> our company, but we can not keep it open, because of the confidentiality
> agreement.
>
> In my opinion, the visualized map was not the best bet for us; we only want
> to know which systems are hacked (botnet detection) and which systems are
> hacking (scanning, brute-forcing, spoofing) in our company, then block the IP
> with the firewall and locate the people with the smac.
>
> All of them could be found out by analysing the network behavior data
> collected with argus, not very difficult, just count the times from the
> same source address to the same destination address and port.
>
> In the botnet detection, we will use a black list and a white list to make it
> better:
>
> 1. black list: dynamic DNS, such as 3322.org.
>
> 2. white list, such as mail server and trusted web server.
>
>
>
> Could anybody give me some suggestions? Thanks.
>
>
>
> From: Carter Bullard [mailto:carter at qosient.com]
> Sent: Wednesday, August 04, 2010 11:22 PM
> To: modversion
> Cc: argus-info at lists.andrew.cmu.edu
> Subject: Re: [ARGUS] which is the best front web interface for me ?
>
>
>
> Hey modversion,
>
> We don't have a free web interface for argus, but some people have developed
> their own web tools.  Mark Bartlett sends screenshots of his stuff
> occasionally.
>
> There's Periscope, which is a Lisp system that looks particularly cool,
> there was ArgusEye, which was a good effort.  These are/were the projects
> that people have talked about on the mailing list, where there is code.
>
> I am trying to move things around so that I can do this type of project,
> but it will take some time before that happens for me.  If you are
> interested in doing something in this area, and want to keep it open, I
> can contribute.
>
> Carter
>
>
>
> On Aug 4, 2010, at 10:36 AM, modversion wrote:
>
> Hi list:
>
>         I want to find the port scanner, login bruteforcer, arp spoofer and
> the botnet victim in our office network via argus; which is the best front
> web interface for me to find them out?
>
>         Thank you very much!
>
>
>




-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net
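modversion's plan above (count repeats of the same source/destination/port triple, then apply a white list of trusted servers and a black list) can be scripted directly over argus flow records. The following is an added example, not code from this thread or from the argus project. It assumes records already exported with `ra -n -s saddr daddr dport` (three whitespace-separated columns after a header line), a constructed sample in that shape, invented thresholds, and a black list expressed as already-resolved IP addresses, since argus records addresses rather than dynamic-DNS names; the white list and black list values are placeholders.

```python
from collections import Counter, defaultdict

# Constructed sample shaped like `ra -n -s saddr daddr dport` output (one
# flow record per line, header first). Addresses are invented for this
# illustration and the "blacklist" entry is a TEST-NET placeholder.
def build_sample_ra_output():
    lines = ["            SrcAddr            DstAddr  Dport"]
    # one host probing 15 different ports on one server: a port scan
    for port in range(1, 16):
        lines.append(f"        10.0.0.7          10.0.0.20  {port}")
    # one host hitting SSH on the same server 25 times: a login brute-forcer
    lines += ["        10.0.0.9          10.0.0.20  22"] * 25
    # a legitimate client talking to the whitelisted mail server 30 times
    lines += ["        10.0.0.11         10.0.0.25  25"] * 30
    # a suspected bot contacting a blacklisted address
    lines += ["        10.0.0.13     203.0.113.50  443"] * 3
    return "\n".join(lines) + "\n"

WHITELIST = {"10.0.0.25"}       # assumed mail server: many flows are expected
BLACKLIST = {"203.0.113.50"}    # placeholder for IPs resolved from dynamic-DNS names

def parse_ra_output(text):
    """Return (saddr, daddr, dport) tuples, skipping the header line and any
    record whose dport column is not numeric (e.g. ICMP flows)."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        flows.append((parts[0], parts[1], int(parts[2])))
    return flows

def analyse(flows, whitelist=WHITELIST, blacklist=BLACKLIST,
            scan_threshold=10, brute_threshold=20):
    """Count flows the way the message describes: repeats of the same
    (source, destination, port) triple, plus distinct targets per source.
    Thresholds are assumed values; tune them to the network's baseline."""
    triple_counts = Counter(flows)
    targets = defaultdict(set)
    for saddr, daddr, dport in flows:
        targets[saddr].add((daddr, dport))

    # a scanner touches many distinct destination/port pairs
    scanners = sorted(s for s, t in targets.items() if len(t) >= scan_threshold)
    # a brute-forcer repeats one triple; whitelisted servers are exempt
    brute_forcers = sorted(
        triple for triple, n in triple_counts.items()
        if n >= brute_threshold and triple[1] not in whitelist)
    # any source talking to a blacklisted address is a candidate bot victim
    blacklist_contacts = sorted({s for s, d, _ in flows if d in blacklist})
    return {"scanners": scanners,
            "brute_forcers": brute_forcers,
            "blacklist_contacts": blacklist_contacts}

if __name__ == "__main__":
    report = analyse(parse_ra_output(build_sample_ra_output()))
    for kind, hits in report.items():
        print(f"{kind}: {hits}")
```

The report is what a firewall-blocking step or an smac lookup would consume; keeping the white list check on the destination side means a busy mail server does not turn every heavy client into a brute-force alert, which is the false-positive class the white list in the message is meant to suppress.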