Rudimentary Intelligence and Threat Analysis Application, An ancillary application to add cloud based reputation and analysis web services to provide value to my Graylog instance.
Project Moved to a Private Repo. May be back in the future.
POC Objectives:
- Pull IP and DNS Data from Graylog HTTP REST API Streams - Complete
- Queue IP and DNS information into MongoDB for processing - Complete
- Process records from mongoDB by:
- Making a local lookup to the MongoDB Threat Cache
- Make a cloud lookup if no Cached record, or cached record is stale
- Cache Record locally after Cloud lookup
- Delete Queued Record
- If a potential threat is detected then create an incident record.
- Validate incident threat via additional cloud resources
- Push gathered incident data to Graylog via GELF
Future Objectives:
- Add capibilites for multi-threading.
- Rewrite modules to be OO instead of procedural.