hector
play

Hector Open Source Security Intelligence Platform University of - PowerPoint PPT Presentation

Sep 02, 2023 •489 likes •751 views

Hector Open Source Security Intelligence Platform University of Pennsylvania School of Arts & Sciences Ubani A Balogun & Justin Klein Keane Security Intelligence HECTOR was developed out of a desire to leverage security

  1. Hector Open Source Security Intelligence Platform University of Pennsylvania School of Arts & Sciences Ubani A Balogun & Justin Klein Keane

  2. Security Intelligence ● HECTOR was developed out of a desire to leverage security intelligence ● Goal of a metrics driven security program ○ Very much inspired by Risk.io and Shostack and Stewart's New School of Information Security ● Security intelligence is the infosec analog of business intelligence

  3. Goals ● Spot emerging trends and react to them ● Understand and analyze existing assets ● Compare threat intelligence to infrastructure ● Measure and remediate vulnerability ● Track security expenditure ● Gap Analysis

  4. Data Sources ● Internal incident reporting ● Kojoney2 medium interaction SSH honeypot ● Darknet sensors measure unsolicited traffic ● OSSEC host based intrusion detection ● Extensible scanning architecture (Nmap, Ncrack, Hydra, Nikto, PhantomJS, Bing, etc.) ● RSS feeds of open source information

  5. Big Data ● Structured data is at the core of HECTOR ● Currently powered by a MySQL database ● Live instance has > 3 million records ● Structured data allows for structured analysis ○ Takes a lot of up from planning work

  6. What’s in the mix? ● Twitter Bootstrap ● jQuery ● Chart.js ● jVectorMap ● DataTables ● jQuery Tag Cloud ● More open source goodies...

  7. Dashboard

  8. Incident Reports

  9. Incident Report Analytics Where should I invest security resources?

  10. Incident Insights

  11. Kojoney & Darknet Sensors What do malicious actors want from our systems?

  12. Kojoney Insights

  13. Kojoney Insights

  14. Darknet Insights

  15. Malicious IP Database

  16. Scans What’s on our network?

  17. PhantomJS Scan

  18. Articles

  19. Free Tags Tying all the raw data together

  20. Tag Insights

  21. Other features ● Create Host & Support Groups ● Nessus & other vulnerability scans ● Non admin user profiles ● Footprints integration ● Malware sample collection ● Feature requests always welcome!

  22. Code ● All code is open source ● Tracked via internal GitLab instance ● Public repo at https://github. com/madirish/hector

  23. Contact ● Justin Klein Keane <jukeane@sas.upenn. edu> ● Ubani A Balogun <ubani@sas.upenn.edu>

  24. Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HECToR, the CoE and Large- Scale Application Performance on CLE David Tanqueray, Jason

HECToR, the CoE and Large- Scale Application Performance on CLE David Tanqueray, Jason

HECToR, the CoE and Large- Scale Application Performance on CLE David Tanqueray, Jason Beech-Brandt, Kevin Roy*, Martyn Foster, Cray Centre of Excellence for HECToR Topics HECToR The Centre of Excellence Activities CASINO SBLI DLPOLY

463 views • 22 slides
C o ff eeScrip t Hector Correa hector@hectorcorrea.com Monday, June 18, 12 Agenda What is

C o ff eeScrip t Hector Correa hector@hectorcorrea.com Monday, June 18, 12 Agenda What is

A decaf introduction to C o ff eeScrip t Hector Correa hector@hectorcorrea.com Monday, June 18, 12 Agenda What is CoffeeScript Why CoffeeScript Code Samples (client and server side) Q&amp;A Monday, June 18, 12 Whats not in

767 views • 34 slides
A Chabauty-Coleman bound for surfaces in abelian threefolds Hector Pasten Pontificia Universidad

A Chabauty-Coleman bound for surfaces in abelian threefolds Hector Pasten Pontificia Universidad

A Chabauty-Coleman bound for surfaces in abelian threefolds Hector Pasten Pontificia Universidad Cat olica de Chile Joint work with Jerson Caro Columbia Automorphic Forms and Arithmetic Seminar October 02 of 2020 Hector Pasten (PUC)

528 views • 25 slides
Towards Representing What Readers of Fiction Believe Toryn Q. Klassen and Hector J. Levesque and

Towards Representing What Readers of Fiction Believe Toryn Q. Klassen and Hector J. Levesque and

Towards Representing What Readers of Fiction Believe Toryn Q. Klassen and Hector J. Levesque and Sheila A. McIlraith { toryn ,hector,sheila } @cs.toronto.edu Department of Computer Science University of Toronto November 6, 2017 1 / 26 Story

625 views • 26 slides
Hector Spring School 2015 Presentation Notes Slide #1: the photo is of Lookout Mountain which is

Hector Spring School 2015 Presentation Notes Slide #1: the photo is of Lookout Mountain which is

YMCA Calgary Camp Chief Hector Hector Spring School 2015 Presentation Notes Slide #1: the photo is of Lookout Mountain which is the first mountain on your left as you - are driving on the Trans Canada highway to the west - our site is located

477 views • 8 slides
Hector Spring School 2014 Presentation Notes Slide #1: the photo is of Lookout Mountain which is

Hector Spring School 2014 Presentation Notes Slide #1: the photo is of Lookout Mountain which is

YMCA Calgary Camp Chief Hector Hector Spring School 2014 Presentation Notes Slide #1: the photo is of Lookout Mountain which is the first mountain on your left as you - are driving on the Trans Canada highway to the west - our site is located

267 views • 8 slides
Evaluation of Query Rewriting Approaches for OWL 2 Hector Perez-Urbina, Edgar Rodriguez-Diaz,

Evaluation of Query Rewriting Approaches for OWL 2 Hector Perez-Urbina, Edgar Rodriguez-Diaz,

Evaluation of Query Rewriting Approaches for OWL 2 Hector Perez-Urbina, Edgar Rodriguez-Diaz, Michael Grove, George Konstantinidis, and Evren Sirin { hector, edgar, mike, evren}@clarkparsia.com SSWS+HPCSW 2012 Clark &amp; Parsia, LLC

183 views • 16 slides
Course on Automated Planning: Intro to Planning Hector Geffner ICREA &amp; Universitat Pompeu

Course on Automated Planning: Intro to Planning Hector Geffner ICREA &amp; Universitat Pompeu

Course on Automated Planning: Intro to Planning Hector Geffner ICREA &amp; Universitat Pompeu Fabra Barcelona, Spain Hector Geffner, Course on Automated Planning, Rome, 7/2010 1 Planning: Motivation How to develop systems or agents

367 views • 21 slides
Course on Automated Planning: Planning as Heuristic Search Hector Geffner ICREA &amp; Universitat

Course on Automated Planning: Planning as Heuristic Search Hector Geffner ICREA &amp; Universitat

Course on Automated Planning: Planning as Heuristic Search Hector Geffner ICREA &amp; Universitat Pompeu Fabra Barcelona, Spain Hector Geffner, Course on Automated Planning, Rome, 7/2010 1 From Strips Problem P to State Model S ( P ) A Strips

284 views • 9 slides
Course on Automated Planning: Planning as SAT Hector Geffner ICREA &amp; Universitat Pompeu Fabra

Course on Automated Planning: Planning as SAT Hector Geffner ICREA &amp; Universitat Pompeu Fabra

Course on Automated Planning: Planning as SAT Hector Geffner ICREA &amp; Universitat Pompeu Fabra Barcelona, Spain Hector Geffner, Course on Automated Planning, Rome, 7/2010 1 Logics Logics come in many forms and shapes, like propositional

415 views • 22 slides
Skyrama: Art Directing a Social Game Hector Moran Head of Art, Sproing Interactive Media About

Skyrama: Art Directing a Social Game Hector Moran Head of Art, Sproing Interactive Media About

Skyrama: Art Directing a Social Game Hector Moran Head of Art, Sproing Interactive Media About Myself Hector Moran: Head of Art at Sproing Brief Work history Streamline Studios Sproing Various Freelance and teaching gigs

1.02k views • 42 slides
On the effectiveness of Full-ASLR on 64-bit Linux Hector Marco-Gisbert , Ismael Ripoll Universit`

On the effectiveness of Full-ASLR on 64-bit Linux Hector Marco-Gisbert , Ismael Ripoll Universit`

On the effectiveness of Full-ASLR on 64-bit Linux Hector Marco On the effectiveness of Full-ASLR on 64-bit Linux Hector Marco-Gisbert , Ismael Ripoll Universit` at Polit` ecnica de Val` encia (Spain) In-Depth Security Conference (DeepSec)

1.05k views • 62 slides
HECTOR MAGICC is the current way GCAM emissions are

HECTOR MAGICC is the current way GCAM emissions are

HECTOR MAGICC is the current way GCAM emissions are translated into climate changes In-house C ++ version But its old code; difficult to

318 views • 9 slides
On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector

On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector

On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector Marco On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector Marco-Gisbert , Ismael Ripoll Universit` at Polit` ecnica

528 views • 35 slides
On Our Best Behaviour Hector J. Levesque Dept. of Computer Science University of Toronto RE

On Our Best Behaviour Hector J. Levesque Dept. of Computer Science University of Toronto RE

. . On Our Best Behaviour Hector J. Levesque Dept. of Computer Science University of Toronto RE Lecture 1 / 30 . . Thanks to my coauthors! Fahiem Bacchus Vaishak Belle Ron Brachman Phil Cohen Ernie Davis Jim Delgrande Giuseppe de

428 views • 14 slides
Down From the Top of Its Game The Story of Infocom, Inc. Hector Briceno, Wesley Chao, Andrew

Down From the Top of Its Game The Story of Infocom, Inc. Hector Briceno, Wesley Chao, Andrew

Down From the Top of Its Game The Story of Infocom, Inc. Hector Briceno, Wesley Chao, Andrew Glenn, Stanley Hu, Ashwin Krishnamurthy, Bruce Tsuchida December 13, 2000 Outline of Presentation Founding and Background Technical

620 views • 30 slides
Hayes Park School Welcome to our Nursery! 07/06/2017 2 The Nursery Team Mrs

Hayes Park School Welcome to our Nursery! 07/06/2017 2 The Nursery Team Mrs

Hayes Park School Welcome to our Nursery! 07/06/2017 2 The Nursery Team Mrs Lorraine Rafferty Mrs Carly Skippins Ms Sarah Blakey Mrs Penny Woodman Nursery Nurse Nursery Nurse

477 views • 24 slides
Annotation for Arabic Information Retrieval Ashraf I. Kaloub Rebhi S. Baraka Alaqsa-Community

Annotation for Arabic Information Retrieval Ashraf I. Kaloub Rebhi S. Baraka Alaqsa-Community

Automatic Ontology-Based Document Annotation for Arabic Information Retrieval Ashraf I. Kaloub Rebhi S. Baraka Alaqsa-Community College Faculty of Information Technology Khan Younis, Gaza Strip Islamic University of Gaza 1 The 3rd Palestinian

536 views • 31 slides
Strategic Plan for Tourism 2016-2021 Stage 1 - Situation Analysis June 2016 Prepared for

Strategic Plan for Tourism 2016-2021 Stage 1 - Situation Analysis June 2016 Prepared for

Prince Edward Island Strategic Plan for Tourism 2016-2021 Stage 1 - Situation Analysis June 2016 Prepared for Contents Objectives Methodology Market Research Emerging Trends in North American Tourism Market External Trade

619 views • 39 slides
Northern Farming Conference 13 th November 2013 Rob Sanderson: Head of Central Store Development

Northern Farming Conference 13 th November 2013 Rob Sanderson: Head of Central Store Development

Northern Farming Conference 13 th November 2013 Rob Sanderson: Head of Central Store Development About Us Openfield markets 4.5m tonnes of grain per annum. This is 20% of UK grain market. This activity generates over 70% of our income.

589 views • 22 slides
Do voluntary codes work? Whale-watching on the west coast August 2018 Hebridean Whale &amp;

Do voluntary codes work? Whale-watching on the west coast August 2018 Hebridean Whale &amp;

Do voluntary codes work? Whale-watching on the west coast August 2018 Hebridean Whale &amp; Dolphin Trust 16 continuous years of boat-based survey effort 120,000 km surveyed 30,000 animals recorded Contributed to the identification and

413 views • 12 slides
Multi-Aspect Profiling of Kernel Rootkit Behavior Ryan Riley, Xuxian Jiang, Dongyan Xu Purdue

Multi-Aspect Profiling of Kernel Rootkit Behavior Ryan Riley, Xuxian Jiang, Dongyan Xu Purdue

Multi-Aspect Profiling of Kernel Rootkit Behavior Ryan Riley, Xuxian Jiang, Dongyan Xu Purdue University, North Carolina State University EuroSys 2009 Nrnberg, Germany Rootkits Stealthy malware Hide attacker Modifying the OS

674 views • 53 slides
Controls: Benefits of Honeypots to Companies Srgio Nunes &amp; Miguel Correia Lisboa, December

Controls: Benefits of Honeypots to Companies Srgio Nunes &amp; Miguel Correia Lisboa, December

IBWAS 2010 From Risk Awareness to Security Controls: Benefits of Honeypots to Companies Srgio Nunes &amp; Miguel Correia Lisboa, December 2010 About me Senior Information Security Consultant / Auditor University Professor: Security,

447 views • 23 slides
CHOOSING WISELY WHOAMI @_yoav_ yoav at jfrog.com THE JFROG EXPERIENCE A fast running

CHOOSING WISELY WHOAMI @_yoav_ yoav at jfrog.com THE JFROG EXPERIENCE A fast running

CLOUD VENDORS CHOOSING WISELY WHOAMI @_yoav_ yoav at jfrog.com THE JFROG EXPERIENCE A fast running startup Doing cloud since 2009 2 cloud-based products JFrog Bintray JFrog Artifactory Cloud THE JFROG EXPERIENCE

406 views • 26 slides

More recommend