
SANS ISC: Color My Logs: Providing Context for Your Logs Using Our Data - Internet Security | DShield SANS ISC InfoSec Forums


Color My Logs: Providing Context for Your Logs Using Our Data

I feel our data is best used to provide context to your own logs. So far, there wasn't an easy way to look up a good number of IP addresses to annotate your logs. We do have an API, but that requires scripting on your end to use. Our most recent experiment makes annotating your logs as easy as copy / paste. All you need to do is copy and paste a log snippet to our "Color My Logs" page, and the snippet will be marked up with our data.

Any IPs found in your log will be "Colored" based on our risk rating. We are still refining the risk rating, so any feedback is very welcome. Please let us know if you run into a log that isn't parsed correctly or if you experience any other issues.
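As an added example (not ISC's code, and not the Color My Logs implementation), here is the annotation step in Python: pull the IPv4 addresses out of pasted log lines, skip the private and loopback ones that DShield has no data on, and tag each remaining IP with a color derived from its reputation record. The reputation dictionary and the log snippet are constructed stand-ins, and the color thresholds and record field names are assumptions, since the real rating is still being refined.

```python
import ipaddress
import re

# Constructed stand-in for per-IP reputation records (report count and
# number of targets attacked). Values are made up for this example and the
# field names are an assumption, not a documented ISC API schema.
SAMPLE_REPUTATION = {
    "203.0.113.7": {"count": 4820, "attacks": 310},
    "198.51.100.22": {"count": 12, "attacks": 3},
}
# Constructed log snippet using RFC 5737 documentation addresses.
SAMPLE_LOG = """\
Mar  3 10:01:12 gw sshd[1123]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:01:15 gw kernel: IN=eth0 SRC=198.51.100.22 DST=192.168.1.10 PROTO=TCP DPT=445
Mar  3 10:02:00 gw dhcpd: DHCPACK on 192.168.1.44 to 00:11:22:33:44:55
"""
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def risk_tier(record):
    """Map a reputation record to a color. Thresholds are an assumption
    made for this example; ISC's own rating is still being refined."""
    if record is None:
        return "unknown"      # never reported to DShield
    if record["attacks"] >= 100:
        return "red"
    if record["attacks"] >= 1:
        return "yellow"
    return "green"

def extract_ips(line):
    """Return syntactically valid, non-local IPv4 addresses found in a line."""
    found = []
    for candidate in IPV4_RE.findall(line):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            continue          # e.g. 999.1.1.1 matches the regex but is not an address
        if any(addr in net for net in LOCAL_NETS):
            continue          # RFC 1918 / loopback: nothing useful to look up
        found.append(str(addr))
    return found

def annotate(line, reputation):
    """Append an [ip=color] tag for every lookup-worthy IP in the line."""
    tags = [f"[{ip}={risk_tier(reputation.get(ip))}]" for ip in extract_ips(line)]
    return f"{line} {' '.join(tags)}" if tags else line

def annotate_log(text, reputation):
    return [annotate(line, reputation) for line in text.splitlines() if line]
```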

For a quick run-through and some additional details, see this YouTube video.

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

I will be teaching next: Defending Web Applications Security Essentials - SANS Brussels September 2019

