
Acapulco (Attack Community grAPh COnstruction)
#Threat Defense #Threat Management
Open source web app for storing and searching actor-related data from users and public repositories.
Overview of the Honeynet Project Acapulco Application
The Honeynet Project Acapulco application features a Splunk application that can be installed on a central server. This configuration enables the automatic creation of meta-events from various hpfeeds channels.
Clustering Events with DBSCAN or K-means Algorithms
Events are grouped using either the DBSCAN or K-means algorithms. These clustered events are then visualized on an external client through parallel coordinates graphs, which utilize the D3.js visualization library.
License: The Acapulco Project software operates under the GNU GPL license.
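The DBSCAN grouping mentioned in the clustering section can be illustrated with the following added example, which is not code from the Acapulco project. The feature names, the sample meta-events and the eps/min_pts values are assumptions made for illustration, since the page does not list the features Acapulco extracts.

```python
import math

# Constructed meta-events (not real hpfeeds data). Feature names are assumed
# for illustration; the page does not say which features Acapulco uses.
FEATURES = ("dst_port", "hour", "payload_len")
EVENTS = [
    (22, 2, 40), (22, 3, 44), (22, 2, 48), (22, 3, 42),   # SSH-like burst
    (445, 14, 900), (445, 15, 880), (445, 14, 910),        # SMB-like burst
    (8080, 9, 300),                                        # isolated event
]

def normalize(rows):
    """Min-max scale each feature to [0, 1] so no single axis dominates."""
    cols = list(zip(*rows))
    low = [min(c) for c in cols]
    span = [(max(c) - min(c)) or 1 for c in cols]
    return [tuple((v - b) / s for v, b, s in zip(r, low, span)) for r in rows]

def dbscan(points, eps, min_pts):
    """Return one label per point: 0..k-1 for clusters, -1 for noise."""
    def neighbors(i):
        return [j for j, q in enumerate(points) if math.dist(points[i], q) <= eps]
    labels = [None] * len(points)
    cluster = -1
    for i in range(len(points)):
        if labels[i] is not None:
            continue
        seeds = neighbors(i)
        if len(seeds) < min_pts:
            labels[i] = -1           # provisional noise; may become a border point
            continue
        cluster += 1
        labels[i] = cluster
        queue = [j for j in seeds if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cluster  # noise reachable from a core point: border
            if labels[j] is not None:
                continue
            labels[j] = cluster
            nb = neighbors(j)
            if len(nb) >= min_pts:   # j is itself a core point, keep expanding
                queue.extend(nb)
    return labels

if __name__ == "__main__":
    for ev, label in zip(EVENTS, dbscan(normalize(EVENTS), eps=0.2, min_pts=3)):
        print(dict(zip(FEATURES, ev)), "noise" if label < 0 else f"cluster {label}")
```

Unlike K-means, DBSCAN needs no cluster count up front and leaves the isolated event labelled as noise instead of forcing it into the nearest group.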
Installation Instructions for the Acapulco Splunk App
You can install the Acapulco Splunk app and the visualization client by following a few straightforward steps. First, download the bundle. Then, use the standard Splunk instructions to install a new application. Simply unzip the file into your splunk/etc/apps directory. After that, start Splunk to configure the application. Once it is properly configured and hpfeeds has completed its functions, you will be able to create a new file that contains all meta-events from the hpfeeds log files. To do this, run the runner.py script with the logging file as an input parameter. This process will generate two new files for meta-events: one will include plain features, while the other will contain clustered values of those features.