analysis

Visualize AWS VPC Flow Logs in Squey using Apache Parquet format
Since version 5.0, Squey is able to import and export Apache Parquet files! « Apache Parquet is an open-source file format that stores data efficiently in columnar format, provides different encoding types, and supports predicate filtering. With good compression ratios and efficient encoding, VPC flow logs stored in Parquet reduce your Amazon S3 storage costs. » ― AWS Blog Let’s take advantage of the fact that AWS VPC Flow Logs can be natively stored in Apache Parquet format to seamlessly visualize our network and understand traffic patterns, identify security issues, audit usage, and diagnose network connectivity.
Detect an SSH login after social engineering
In this article, we address the challenge presented by detecteam.com. “We have published one year of ssh logins/logouts of a valid administrator; However the account has been compromised using social engineering similar to the MGM attack which led to a ransomware being deployed.” ― Detecteam So here is the openssh.log_.zip (mirror) dataset and its associated openssh.log_.zip.format parsing file. The entries look like typical OpenSSH logs: Sep 24 08:46:18 bidizidomo sshd[26168]: Accepted password for iworkinacasino from 173.
Phishing attack detection in proxy logs
Here is a video showing the detection of a successful phishing attack within 10 million rows of anonymized proxy logs.
Bluecoat Proxy Big Analysis
This article is a step-by-step tutorial on loading and analyzing the bluecoat_proxy_big.zip dataset from Public Security Log Sharing in Squey. The first section is devoted to the creation of a parsing file that will allow us to load the dataset. Should you be in a hurry, you can skip straight to the analysis, as the file is provided below. Parsing file creation Before the dataset can be loaded into the application, a parsing file (called a format) must be created using the Format Builder tool.