stratosphereips / AIP

The Attacker IP Prioritizer (AIP) dynamically generates resource-friendly IPv4 blocklists from Zeek network flows.
https://www.stratosphereips.org
GNU General Public License v3.0

Read data from multiple sensors #62

Open verovaleros opened 3 weeks ago

verovaleros commented 3 weeks ago

Right now AIP input data is very strict, and that makes it hard to work with. Specifically, it should auto-discover the Zeek logs in the raw folder so that it would be possible to have data from multiple sensors/honeypots:

data/raw/sensor1/<zeek-logs>
data/raw/sensor2/<zeek-logs>
data/raw/sensorN/<zeek-logs>

Right now the only apparent accepted input is:

data/raw/YYYY-MM-DD/conn.*.gz

verovaleros commented 2 weeks ago

This is going to be a large issue to solve. Requires deep understanding of data/access.py and data/functions.py.
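
One way the auto-discovery requested in this issue could work, as an added example that is not AIP's code and does not reflect data/access.py or data/functions.py. It assumes each sensor folder holds the same YYYY-MM-DD/conn.*.gz layout as the current input; `discover_conn_logs`, `LEGACY_SENSOR` and the sample file names are hypothetical and constructed.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

DATE_DIR = re.compile(r"^\d{4}-\d{2}-\d{2}$")
LEGACY_SENSOR = "default"  # hypothetical label for logs in the current flat layout

# Constructed sample tree (relative to the raw folder); files are empty.
SAMPLE_FILES = [
    "2024-05-01/conn.01.log.gz",          # current layout
    "sensor1/2024-05-01/conn.02.log.gz",  # per-sensor layout (assumed)
    "sensor1/2024-05-01/conn.01.log.gz",
    "sensor2/2024-05-02/conn.01.log.gz",
    "sensor2/2024-05-02/dns.01.log.gz",   # not a conn log: ignored
    "sensor2/notes/conn.01.log.gz",       # parent is not a date folder: ignored
]


def discover_conn_logs(raw_dir):
    """Return {(sensor, date): sorted conn log paths} found under raw_dir."""
    raw_dir = Path(raw_dir).resolve()
    found = defaultdict(list)
    for path in raw_dir.rglob("conn.*.gz"):
        # Only regular files; a symlinked log could point outside the raw folder.
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(raw_dir).parts
        if len(rel) == 2 and DATE_DIR.match(rel[0]):
            key = (LEGACY_SENSOR, rel[0])
        elif len(rel) == 3 and DATE_DIR.match(rel[1]):
            key = (rel[0], rel[1])
        else:
            continue  # unknown layout: skip rather than guess sensor or date
        found[key].append(path)
    return {key: sorted(paths) for key, paths in sorted(found.items())}


def demo():
    """Build the constructed tree in a temp folder; return file names per key."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in SAMPLE_FILES:
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.touch()
        logs = discover_conn_logs(tmp)
        return {key: [p.name for p in paths] for key, paths in logs.items()}


if __name__ == "__main__":
    print(demo())
```

Keying results by (sensor, date) keeps the sensor of origin attached to every flow file, so later stages can still tell which honeypot observed an attacker IP.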