mushorg / buttinsky

Botnet monitoring is a crucial part of threat analysis and is often neglected due to the lack of proper open source tools. Our tool will provide an open source framework for automated botnet monitoring. The modular design will allow full customization of the protocols used, the monitoring clients' behavior, how we log the collected information, the processing of the data to analyze the botnet's purpose, size and threat, and how the monitoring tasks are distributed between dedicated nodes.
http://buttinsky.org
GNU General Public License v3.0

HPFeeds interface #6

Closed glaslos closed 11 years ago

glaslos commented 11 years ago

Add a hpfeeds client subscribing to a channel which provides botnet settings. We are probably using JSON for setting encoding. Add a hpfeeds client publishing data to a channel. We can start with some basic logging information to get status updates from the monitoring bot.

adepasquale commented 11 years ago

I currently have no access to HPF, but I see there's already an HPFeedsLogger ready to be inserted at the "log" layer. Shall we publish some sample information like "joined channel", "received HELLO", "replied HEY", or maybe some higher level behavioral details?

Regarding the sink, instead, do you think it will fit better at the behavioral layer, or maybe something else?

glaslos commented 11 years ago

The sink is intended to be a source for botnet credentials from my PHP sandbox: https://github.com/glastopf/phpox This is almost finished, just need to do some testing. HPFeeds logging is supposed to be for raw data from the botnet monitors. I'll provide some testing access to HPFeeds this weekend.
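A worked sketch of both halves of this issue (the settings sink fed by the PHP sandbox, and the publishing side used for status and raw monitor data), added here as an example and not the project's or hpfeeds' own code: it frames an hpfeeds PUBLISH message the way the wire protocol does, unframes and bounds-checks an incoming one, and strictly validates the JSON settings before a monitor would act on them. The settings field names, the channel names and the sample frame are assumptions constructed for the example, not taken from buttinsky or phpox.

```python
import json
import struct
OP_PUBLISH = 3  # hpfeeds PUBLISH opcode (wire protocol, as in the reference client)
SETTINGS_SCHEMA = {"protocol": str, "host": str, "port": int, "nick": str, "channel": str}  # assumed schema

def _pack8(s):
    b = s.encode("utf-8")  # hpfeeds 8-bit length-prefixed string (idents, channel names)
    if len(b) > 255:
        raise ValueError("too long for 8-bit length prefix")
    return struct.pack("!B", len(b)) + b

def msg_publish(ident, chan, payload):
    """Frame = 4-byte big-endian total length (header included) + 1-byte opcode + body."""
    body = _pack8(ident) + _pack8(chan) + payload
    return struct.pack("!iB", 5 + len(body), OP_PUBLISH) + body

def unframe(buf):
    """Return (opcode, body, remaining); (None, None, buf) while the frame is incomplete."""
    if len(buf) >= 5:
        total, op = struct.unpack("!iB", buf[:5])
        if total < 5:
            raise ValueError("bad frame length")
        if len(buf) >= total:
            return op, buf[5:total], buf[total:]
    return None, None, buf

def parse_publish(body):
    """Split a broker-relayed PUBLISH body into (ident, chan, payload) with bounds checks."""
    try:
        il, cl = body[0], body[1 + body[0]]
    except IndexError:
        raise ValueError("truncated publish body")
    ident, chan = body[1:1 + il], body[2 + il:2 + il + cl]
    if len(ident) != il or len(chan) != cl:
        raise ValueError("truncated publish body")
    return ident.decode("utf-8"), chan.decode("utf-8"), body[2 + il + cl:]

def parse_botnet_settings(payload):
    """Strictly validate the JSON settings before they drive a monitoring bot."""
    obj = json.loads(payload.decode("utf-8"))
    if not isinstance(obj, dict) or set(obj) != set(SETTINGS_SCHEMA):
        raise ValueError("unexpected or missing settings fields")
    for key, typ in SETTINGS_SCHEMA.items():
        if type(obj[key]) is not typ:  # 'is not' also rejects bool posing as int
            raise ValueError("bad type for %s" % key)
    if not 1 <= obj["port"] <= 65535:
        raise ValueError("port out of range")
    return obj
# Constructed sample settings frame (not real data): what a sink like phpox might publish.
SAMPLE_FRAME = msg_publish("phpox", "buttinsky.settings",
    b'{"protocol": "irc", "host": "c2.example.invalid", "port": 6667, "nick": "mon-01", "channel": "#ops"}')
```

Feeding `SAMPLE_FRAME` through `unframe`, `parse_publish` and `parse_botnet_settings` yields the validated settings dict; a settings message with an extra field, a string or boolean port, or an out-of-range port is rejected before it reaches the monitor.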