intelowlproject / greedybear
Threat Intel Platform for T-POTs
License: MIT License
We could add more ways to extract data feeds from GB other than "recent" and "persistent", which are free.
These new ways must be protected with authentication to avoid abuse.
We could give the users the chance to:
We should periodically download this batch of data: https://raw.githubusercontent.com/stamparm/maltrail/master/trails/static/mass_scanner.txt
and add those IPs to whitelists to reduce the number of false positives
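One way to turn that list into a whitelist and apply it to extracted indicators, as an added example that is not part of the original issue and not GreedyBear's own code. The sample text below is constructed in the shape of a maltrail static trail file (comment lines start with `#`, one entry per line); the real content comes from the GitHub raw URL above, and the function and variable names are assumptions. The parser also accepts CIDR entries so a future change to the list format does not silently drop lines.

```python
import ipaddress
import urllib.request

# Constructed sample in the shape of maltrail's static trail files. This is
# NOT the real content of mass_scanner.txt; it only exercises the parser.
SAMPLE_MASS_SCANNER_TXT = """\
# mass scanner trail list (constructed sample for this example)
# lines starting with '#' are comments

198.51.100.10
198.51.100.11   # inline comment after an entry
203.0.113.0/24
not-an-ip-entry
"""

MASS_SCANNER_URL = (
    "https://raw.githubusercontent.com/stamparm/maltrail/master/"
    "trails/static/mass_scanner.txt"
)


def download_whitelist(url=MASS_SCANNER_URL, timeout=10):
    """Fetch the raw list (network access required; not used by the offline demo)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def parse_whitelist(text):
    """Return (set of single addresses, list of networks).

    Comment lines, inline comments and blank lines are ignored. Lines that do
    not parse as an IP or CIDR are skipped so one bad entry cannot abort a
    periodic refresh of the whitelist.
    """
    hosts = set()
    networks = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            continue  # unparsable entry: skip rather than fail the whole refresh
        if net.num_addresses == 1:
            hosts.add(net.network_address)
        else:
            networks.append(net)
    return hosts, networks


def is_whitelisted(ip, hosts, networks):
    """True if the indicator is a known mass scanner (single IP or inside a CIDR)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed indicators are left for the caller to handle
    return addr in hosts or any(addr in net for net in networks)


def filter_feed(indicators, whitelist_text):
    """Drop whitelisted IPs from a feed, preserving the original order."""
    hosts, networks = parse_whitelist(whitelist_text)
    return [ioc for ioc in indicators if not is_whitelisted(ioc, hosts, networks)]


if __name__ == "__main__":
    # Constructed feed: two single-IP hits, one inside the CIDR, one unrelated.
    feed = ["198.51.100.10", "203.0.113.77", "192.0.2.5", "198.51.100.11"]
    print(filter_feed(feed, SAMPLE_MASS_SCANNER_TXT))
```

A scheduled job would call `download_whitelist()` and cache the parsed result; re-downloading on every extraction run is both slow and a dependency on GitHub availability.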
In the most recent version in develop, with the new GUI, there is a possible hidden bug in the rendering of the frontend code.
AppHeaders is rendered multiple times, maybe due to some problem in handling the state in React. The same thing happens for other parts of the code in other sections. To be investigated (first step, check the output in the console log).
We should properly mock the query to ElasticSearch to have the tests work in Github Actions. Please refer to IntelOwl to get an example
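The pattern that issue asks for, as an added example rather than code from GreedyBear or IntelOwl: the extraction logic takes the Elasticsearch client as a parameter, so a test can hand it a `unittest.mock.MagicMock` with a canned search reply and still assert on the query that was built. The extractor function, the index pattern, the field names and the response document are assumptions constructed for this example; the real project's field layout may differ.

```python
from unittest import mock

# Hypothetical extractor in the shape of a honeypot-log query: fetch the
# distinct attacker IPs recorded for one honeypot type. Assumed names and
# fields; not the project's code.
def extract_attacker_ips(es_client, index="logstash-*", honeypot="Cowrie", size=1000):
    body = {
        "query": {"bool": {"filter": [{"term": {"type": honeypot}}]}},
        "_source": ["src_ip"],
        "size": size,
    }
    resp = es_client.search(index=index, body=body)
    ips = set()
    for hit in resp["hits"]["hits"]:
        src = hit.get("_source", {}).get("src_ip")
        if src:  # tolerate documents that lack the field
            ips.add(src)
    return sorted(ips)


# Constructed reply in the shape of an Elasticsearch search response:
# duplicates and a document without src_ip are included on purpose.
FAKE_SEARCH_RESPONSE = {
    "took": 3,
    "hits": {
        "total": {"value": 4, "relation": "eq"},
        "hits": [
            {"_index": "logstash-2024.01.01", "_source": {"src_ip": "203.0.113.9"}},
            {"_index": "logstash-2024.01.01", "_source": {"src_ip": "198.51.100.7"}},
            {"_index": "logstash-2024.01.01", "_source": {"src_ip": "203.0.113.9"}},
            {"_index": "logstash-2024.01.01", "_source": {}},
        ],
    },
}


def make_mock_es(response=FAKE_SEARCH_RESPONSE):
    """Build a client double: no network, no cluster, deterministic reply."""
    es = mock.MagicMock()
    es.search.return_value = response
    return es


def run_mocked_extraction():
    """What a CI test would do: run the extractor against the mock and check
    both the result and the shape of the query that was sent."""
    es = make_mock_es()
    ips = extract_attacker_ips(es, honeypot="Cowrie")
    es.search.assert_called_once()
    _, kwargs = es.search.call_args
    sent_filter = kwargs["body"]["query"]["bool"]["filter"]
    assert kwargs["index"] == "logstash-*"
    assert {"term": {"type": "Cowrie"}} in sent_filter
    return ips


if __name__ == "__main__":
    print(run_mocked_extraction())
```

Inside a Django `TestCase` the same double is usually installed with `mock.patch` on the module attribute that holds the real client, so production code keeps calling the client by name and only the test swaps it; checking `call_args` catches regressions in query construction that a pure result assertion would miss.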
Approved by @mlodic.
Use how these packages are integrated in IntelOwl for reference.
Hi
Set up a couple of existing T-Pots, and looked to add GreedyBear with the /installer_on_tpot.sh script.
Following execution of the script, I can load up a page at http://Address:8008 to get the homescreen splash.
When I go for Dashboard.. I get
When I try Logon, with the credentials entered in the .sh script, I get "login failed"
Any advice please
Thanks
What points would you like to see in the templates for PRs and issues?
Similar to IntelOwl?
Same as implemented in IntelOwl
related to #12
in that way we would align that API to the other available endpoint, the enrichment one
Right now there is no chance to do that. GreedyBear would automatically extract data from all the configured honeypots.
We should allow the app administrator to enable/disable honeypot extraction from the Django Admin. In that way we can also filter the logs which state that the honeypot is not running.
Can we please add or refer to the URL containing the guidelines for future contributors, I see there's nothing mentioned about it in the readme or docs for this repo.
Right now there is no way from the GUI to understand which feeds are available and where they are located
Like implemented in IntelOwl
We could add a Dashboard with some generic statistics about the GB services. This dashboard would be public so no authentication is required to access it.
We could look at how the IntelOwl Dashboard is done and do something similar:
We can use the same format already used for IntelOwl and move all the documentation there.
Like implemented in IntelOwl.
- CHANGELOG.md for the new version
- docs/source/schema.yml, docker/.version
- main branch. Note: Only use "Merge and commit" as the merge strategy and not "Squash and merge". Using "Squash and merge" makes history between branches misaligned.
- main. Write the following statement there (change the version number):
  please refer to the [Changelog](https://github.com/intelowlproject/GreedyBear/blob/develop/.github/CHANGELOG.md#v102)
This is to protect admin/APIs from abuse
See: https://www.django-rest-framework.org/api-guide/throttling/#api-reference
Similar to how specified here for IntelOwl: intelowlproject/IntelOwl#1285
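What the linked DRF throttling reference amounts to, as an added example that is not GreedyBear's code: the first block is the settings shape DRF reads (real setting names; the rates are illustrative), and the second re-implements the sliding-window check that DRF's `SimpleRateThrottle.allow_request` performs, against an in-memory stand-in for Django's cache, so the behaviour can be run and inspected without a Django project. `SlidingWindowThrottle`, `InMemoryCache` and the scope names are assumptions made for this example.

```python
import time

# Illustrative DRF settings. Keys are the real REST_FRAMEWORK setting names;
# the rates and the custom "feeds" scope are assumptions for this example.
# A view opts into the "feeds" bucket with
# throttle_classes = [ScopedRateThrottle] and throttle_scope = "feeds".
REST_FRAMEWORK_THROTTLE_SETTINGS = {
    "DEFAULT_THROTTLE_CLASSES": [
        "rest_framework.throttling.AnonRateThrottle",
        "rest_framework.throttling.UserRateThrottle",
    ],
    "DEFAULT_THROTTLE_RATES": {
        "anon": "10/minute",
        "user": "100/minute",
        "feeds": "30/hour",
    },
}


class InMemoryCache:
    """Stand-in for Django's cache backend (get/set with a timeout)."""

    def __init__(self):
        self._store = {}

    def get(self, key, default=None):
        return self._store.get(key, default)

    def set(self, key, value, timeout=None):
        self._store[key] = value


def parse_rate(rate):
    """'100/day' -> (100, 86400); same rule DRF uses: first letter of the period."""
    num, period = rate.split("/")
    duration = {"s": 1, "m": 60, "h": 3600, "d": 86400}[period[0]]
    return int(num), duration


class SlidingWindowThrottle:
    """Re-implementation of DRF's SimpleRateThrottle.allow_request logic.

    A list of request timestamps per client is kept in the cache; timestamps
    older than the window are dropped, and the request is refused when the
    remaining count has reached the limit.
    """

    def __init__(self, rate, cache, scope="anon", clock=time.time):
        self.num_requests, self.duration = parse_rate(rate)
        self.cache = cache
        self.scope = scope
        self.clock = clock  # injectable for deterministic tests

    def allow_request(self, ident):
        key = f"throttle_{self.scope}_{ident}"
        history = self.cache.get(key, [])
        now = self.clock()
        # Newest first, so expired entries sit at the tail.
        while history and history[-1] <= now - self.duration:
            history.pop()
        if len(history) >= self.num_requests:
            return False
        history.insert(0, now)
        self.cache.set(key, history, self.duration)
        return True


def simulate(rate, attempts, ident="203.0.113.5", clock=time.time):
    """Send `attempts` back-to-back requests from one client; return the verdicts."""
    throttle = SlidingWindowThrottle(rate, InMemoryCache(), scope="feeds", clock=clock)
    return [throttle.allow_request(ident) for _ in range(attempts)]


if __name__ == "__main__":
    print(simulate("3/minute", 5))
```

The identity DRF keys on is the authenticated user's id or, for anonymous clients, the remote address, which is why the admin and API-key endpoints this issue covers should use the user-based scope: an attacker behind a shared egress IP would otherwise be throttled together with legitimate users.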
Right now, there are 2 feeds available based on the age of the indicator:
But they are really simple. Maybe we could think about creating different kinds of lists based on more reliable values.
This issue will need a complex research analysis.
Starting point could be the Stratosphere's research: https://www.stratosphereips.org/aip-tool
Adding CodeQL workflow in repo.
If this seems fine please assign this to me
Related to intelowlproject/IntelOwl#1284
We could provide a service that could be queried via API key. In this way, it would be possible to understand if an IOC is in the database of Greedybear without having to download and manage all the feeds from Greedybear.
It would be a simple enrichment service.
We would need:
GreedyBear works by extracting the data from the T-Pot logs generated by the honeypots.
As a first alpha release we just integrated log4jpot + cowrie.
We should also integrate all the other available honeypots in the T-PoT.
Glutton should be the first