SlideShare uma empresa Scribd logo
1 de 28
Baixar para ler offline
AbuseHelper
Lee Harrigan-Green
#nsw44
How we currently process abuse intel
RTIR
Report comes in
Incident handler is alerted to
new ticket
Script parses data and
creates tickets
Incident handler processes
report using home-grown
script
Data distributed to organisations as
part of ticket creation process
#nsw44
How we currently process abuse intel
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
RTIR
Report comes in
Incident handler is alerted to
new ticket
Script parses data and
adds data to existing
ticket
Incident handler
checks ticket for
new data
Incident handler sends data on to site
#nsw44
Process review findings
»Shadowserver data delay ~24hrs
»Getting the latest data sent out requires intervention by an
incident handler
»Incomplete data is sometimes sent out making investigations
difficult
»A response is often not required and creates unnecessary work
for both parties
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
The landscape is evolving
»Major vulnerabilities are being disclosed
»More open/insecure services reachable via the internet
»Malware is frequently becoming more complex
»Guest networks and BYOD == Larger attack surface!
»Increase in intel data and available feeds = security
teams are processing a substantial amount of data
»This means that we need to automate more!
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
We know we can do much better!
»Faster processing
»Timely reporting
»All data should be actionable and relevant
»Must communicate clearly when an acknowledgement or
response is required
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
AbuseHelper
»AbuseHelper or AbuseSA automates the collection, processing
and reporting of intelligence and abuse data to help
organisations secure their networks
»Developed by Codenomicon a branch of Synopsys
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
AbuseHelper –What is it?
The core of AbuseHelper is a framework to help with
automating the distribution of abuse information in
three steps:
»Input feeds
»Processing
»Output
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
AbuseHelper – Input feeds
»Shadowserver
»Codenomicon sinkhole
»Abuse.ch
»Team-Cymru
»Phishtank
»Microsoft CTIP
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
AbuseHelper - Processing
Processing the events from these feeds.
»Augmenting
»Sanitizing
»De-duplicating
»Filtering
»Adding additional data
(GeoIP,Whois, CRM, ASN lookups)
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
AbuseHelper - Output
Sending out actionable reports to our customers.
Outputs supported by AbuseHelper:
»Direct emails
»XMPP feeds
»Incident handling systems
»Updating firewall rules
»CSV
»JSON In the last couple of weeks
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
Options available to you!
»Customers can specify how they want their data
»Reporting style – do you want reports per-IP or aggregated per-
org?
»Reporting frequency is based on reporting style:
› Per-IP = near real time
› Aggregated = every 12 hours or daily
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
Incident walkthrough
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
Input feeds
Processing
Output
#nsw44
Input feed
»Each feed bot will frequently poll its source and retrieve data for
ASN786
»Once retrieved, each bot will store the data in an XMPP chat
room
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
Incident walkthrough
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
Input feeds
Processing
Output
#nsw44
Data Processing
The processing stage allows us to customise certain aspects of the data we receive from
each feed.
We will:
»Filter out reports with “missing data”
»Remove duplicate entries
»Run whois lookups to find correct contacts
»Run GeoIP lookups on IP address
»Retrieve reporting style for each customer
Once this work has been completed, the report is now ready to
be outputted.
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
Incident walkthrough
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
Input feeds
Processing
Output
#nsw44
Data output/distribution
»The output stage is where we send the information to you
»Once the processing stage is complete, what’s left will be an
actionable report with the relevant contact details appended
»An “RTIR bot” will then connect to our RTIR instance and send
out data depending on the reporting style configured
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
Customer interaction
»All reports will come from intelligence@csirt.ja.net
»We will no longer require a response to issues from this address
»RTIR reference number included with each report
»Feel free to ask for assistance
»Provide feedback where relevant
(samples, C&C hosts, pcaps, proxy logs)
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
How does this improve things for you?
✓Faster processing
✓Timely reporting
✓All data will be actionable
✓Must communicate clearly when an acknowledgement or
response is required
✓Sites will have more information to help secure their networks
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
How does this improve things for Janet CSIRT?
Use of automation where possible to enable us to use our time
for:
»Research
»Writing more best practice and advisory documents
»Proactive “hunting”
»Improve existing services and tools
»Develop new services and tools
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
Situational Awareness
»AbuseHelper provides a range of visualisation options giving us a
better view and understanding of the state of security on the
Janet network
»We can see where we’ve improved as a network
»Help identify where we could or should focus our efforts
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
Visualisation example
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
Visualisation example
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
Visualisation example
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
Visualisation example
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
Where we are currently
»Around 100 Jisc customers currently receiving AbuseHelper
reporting
»Deployment has been slow due to efforts on other projects
»Currently only processing ShadowServer data
»Feedback from the initial pilot organisations is positive
»Looking for all customers active by June
»If you want to be added sooner please get in contact
24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
#nsw44
jisc.ac.uk
Thanks for listening!
Lee Harrigan-Green
Senior Security Architect
Lee.Harrigan-Green@jisc.ac.uk

Mais conteúdo relacionado

Mais procurados

ICIC 2017: Publication Analysis and Publication Strategy
ICIC 2017: Publication Analysis and Publication Strategy  ICIC 2017: Publication Analysis and Publication Strategy
ICIC 2017: Publication Analysis and Publication Strategy Dr. Haxel Consult
 
7th Content Providers Community Call
7th Content Providers Community Call7th Content Providers Community Call
7th Content Providers Community CallOpenAIRE
 
OpenAIRE@info day_amsterdam_jan_2016
OpenAIRE@info day_amsterdam_jan_2016OpenAIRE@info day_amsterdam_jan_2016
OpenAIRE@info day_amsterdam_jan_2016OpenAIRE
 
Open Research Gateway for the ELIXIR-GR Infrastructure (Part 2)
Open Research Gateway for the ELIXIR-GR Infrastructure (Part 2)Open Research Gateway for the ELIXIR-GR Infrastructure (Part 2)
Open Research Gateway for the ELIXIR-GR Infrastructure (Part 2)OpenAIRE
 
Monitoring in Big Data Frameworks @ Big Data Meetup, Timisoara, 2015
Monitoring in Big Data Frameworks @ Big Data Meetup, Timisoara, 2015Monitoring in Big Data Frameworks @ Big Data Meetup, Timisoara, 2015
Monitoring in Big Data Frameworks @ Big Data Meetup, Timisoara, 2015Institute e-Austria Timisoara
 
151111 tryggve-nordic biobank
151111 tryggve-nordic biobank151111 tryggve-nordic biobank
151111 tryggve-nordic biobankanttipursula
 
Open Research Gateway for the ELIXIR-GR Infrastructure (Part 3)
Open Research Gateway for the ELIXIR-GR Infrastructure (Part 3)Open Research Gateway for the ELIXIR-GR Infrastructure (Part 3)
Open Research Gateway for the ELIXIR-GR Infrastructure (Part 3)OpenAIRE
 
The OpenAIRE Catalogue of Services: Towards Open Science - Workshop: Design y...
The OpenAIRE Catalogue of Services: Towards Open Science - Workshop: Design y...The OpenAIRE Catalogue of Services: Towards Open Science - Workshop: Design y...
The OpenAIRE Catalogue of Services: Towards Open Science - Workshop: Design y...OpenAIRE
 
Overview of the OA mandate and OpenAIRE infrastructure, Inge Van Nieuwerburgh...
Overview of the OA mandate and OpenAIRE infrastructure, Inge Van Nieuwerburgh...Overview of the OA mandate and OpenAIRE infrastructure, Inge Van Nieuwerburgh...
Overview of the OA mandate and OpenAIRE infrastructure, Inge Van Nieuwerburgh...OpenAIRE
 
THOR Ambassador Webinar
THOR Ambassador WebinarTHOR Ambassador Webinar
THOR Ambassador WebinarMaaike Duine
 
20170501 Distributed Network of Digital Heritage Information
20170501  Distributed Network of Digital Heritage Information20170501  Distributed Network of Digital Heritage Information
20170501 Distributed Network of Digital Heritage InformationEnno Meijers
 
balloon: LOD forecasting - cloudy with a chance of services
balloon: LOD forecasting - cloudy with a chance of servicesballoon: LOD forecasting - cloudy with a chance of services
balloon: LOD forecasting - cloudy with a chance of servicesKai Schlegel
 
OpenAIRE implementing open science
OpenAIRE implementing open scienceOpenAIRE implementing open science
OpenAIRE implementing open scienceJisc
 
Jisc support for equipment sharing - update for S-Lab Rothamsted conference J...
Jisc support for equipment sharing - update for S-Lab Rothamsted conference J...Jisc support for equipment sharing - update for S-Lab Rothamsted conference J...
Jisc support for equipment sharing - update for S-Lab Rothamsted conference J...Martin Hamilton
 
OpenAIRE-connect: Services for open science
OpenAIRE-connect: Services for open scienceOpenAIRE-connect: Services for open science
OpenAIRE-connect: Services for open scienceJisc
 
Big Data Security: Facing the challenge
Big Data Security: Facing the challengeBig Data Security: Facing the challenge
Big Data Security: Facing the challengeStratio
 
The Scholix Framework and the OpenAIRE Scholexplorer Service (OpenAIRE webina...
The Scholix Framework and the OpenAIRE Scholexplorer Service (OpenAIRE webina...The Scholix Framework and the OpenAIRE Scholexplorer Service (OpenAIRE webina...
The Scholix Framework and the OpenAIRE Scholexplorer Service (OpenAIRE webina...OpenAIRE
 
How compliant is your institution? Meeting RCUK and REF metadata and policy r...
How compliant is your institution? Meeting RCUK and REF metadata and policy r...How compliant is your institution? Meeting RCUK and REF metadata and policy r...
How compliant is your institution? Meeting RCUK and REF metadata and policy r...Jisc
 
balloon Fusion: SPARQL Rewriting Based on Unified Co-Reference Information
balloon Fusion: SPARQL Rewriting Based on  Unified Co-Reference Informationballoon Fusion: SPARQL Rewriting Based on  Unified Co-Reference Information
balloon Fusion: SPARQL Rewriting Based on Unified Co-Reference InformationKai Schlegel
 
New Product Introductions - Minesoft
New Product Introductions - MinesoftNew Product Introductions - Minesoft
New Product Introductions - MinesoftDr. Haxel Consult
 

Mais procurados (20)

ICIC 2017: Publication Analysis and Publication Strategy
ICIC 2017: Publication Analysis and Publication Strategy  ICIC 2017: Publication Analysis and Publication Strategy
ICIC 2017: Publication Analysis and Publication Strategy
 
7th Content Providers Community Call
7th Content Providers Community Call7th Content Providers Community Call
7th Content Providers Community Call
 
OpenAIRE@info day_amsterdam_jan_2016
OpenAIRE@info day_amsterdam_jan_2016OpenAIRE@info day_amsterdam_jan_2016
OpenAIRE@info day_amsterdam_jan_2016
 
Open Research Gateway for the ELIXIR-GR Infrastructure (Part 2)
Open Research Gateway for the ELIXIR-GR Infrastructure (Part 2)Open Research Gateway for the ELIXIR-GR Infrastructure (Part 2)
Open Research Gateway for the ELIXIR-GR Infrastructure (Part 2)
 
Monitoring in Big Data Frameworks @ Big Data Meetup, Timisoara, 2015
Monitoring in Big Data Frameworks @ Big Data Meetup, Timisoara, 2015Monitoring in Big Data Frameworks @ Big Data Meetup, Timisoara, 2015
Monitoring in Big Data Frameworks @ Big Data Meetup, Timisoara, 2015
 
151111 tryggve-nordic biobank
151111 tryggve-nordic biobank151111 tryggve-nordic biobank
151111 tryggve-nordic biobank
 
Open Research Gateway for the ELIXIR-GR Infrastructure (Part 3)
Open Research Gateway for the ELIXIR-GR Infrastructure (Part 3)Open Research Gateway for the ELIXIR-GR Infrastructure (Part 3)
Open Research Gateway for the ELIXIR-GR Infrastructure (Part 3)
 
The OpenAIRE Catalogue of Services: Towards Open Science - Workshop: Design y...
The OpenAIRE Catalogue of Services: Towards Open Science - Workshop: Design y...The OpenAIRE Catalogue of Services: Towards Open Science - Workshop: Design y...
The OpenAIRE Catalogue of Services: Towards Open Science - Workshop: Design y...
 
Overview of the OA mandate and OpenAIRE infrastructure, Inge Van Nieuwerburgh...
Overview of the OA mandate and OpenAIRE infrastructure, Inge Van Nieuwerburgh...Overview of the OA mandate and OpenAIRE infrastructure, Inge Van Nieuwerburgh...
Overview of the OA mandate and OpenAIRE infrastructure, Inge Van Nieuwerburgh...
 
THOR Ambassador Webinar
THOR Ambassador WebinarTHOR Ambassador Webinar
THOR Ambassador Webinar
 
20170501 Distributed Network of Digital Heritage Information
20170501  Distributed Network of Digital Heritage Information20170501  Distributed Network of Digital Heritage Information
20170501 Distributed Network of Digital Heritage Information
 
balloon: LOD forecasting - cloudy with a chance of services
balloon: LOD forecasting - cloudy with a chance of servicesballoon: LOD forecasting - cloudy with a chance of services
balloon: LOD forecasting - cloudy with a chance of services
 
OpenAIRE implementing open science
OpenAIRE implementing open scienceOpenAIRE implementing open science
OpenAIRE implementing open science
 
Jisc support for equipment sharing - update for S-Lab Rothamsted conference J...
Jisc support for equipment sharing - update for S-Lab Rothamsted conference J...Jisc support for equipment sharing - update for S-Lab Rothamsted conference J...
Jisc support for equipment sharing - update for S-Lab Rothamsted conference J...
 
OpenAIRE-connect: Services for open science
OpenAIRE-connect: Services for open scienceOpenAIRE-connect: Services for open science
OpenAIRE-connect: Services for open science
 
Big Data Security: Facing the challenge
Big Data Security: Facing the challengeBig Data Security: Facing the challenge
Big Data Security: Facing the challenge
 
The Scholix Framework and the OpenAIRE Scholexplorer Service (OpenAIRE webina...
The Scholix Framework and the OpenAIRE Scholexplorer Service (OpenAIRE webina...The Scholix Framework and the OpenAIRE Scholexplorer Service (OpenAIRE webina...
The Scholix Framework and the OpenAIRE Scholexplorer Service (OpenAIRE webina...
 
How compliant is your institution? Meeting RCUK and REF metadata and policy r...
How compliant is your institution? Meeting RCUK and REF metadata and policy r...How compliant is your institution? Meeting RCUK and REF metadata and policy r...
How compliant is your institution? Meeting RCUK and REF metadata and policy r...
 
balloon Fusion: SPARQL Rewriting Based on Unified Co-Reference Information
balloon Fusion: SPARQL Rewriting Based on  Unified Co-Reference Informationballoon Fusion: SPARQL Rewriting Based on  Unified Co-Reference Information
balloon Fusion: SPARQL Rewriting Based on Unified Co-Reference Information
 
New Product Introductions - Minesoft
New Product Introductions - MinesoftNew Product Introductions - Minesoft
New Product Introductions - Minesoft
 

Destaque

Internet in space - Networkshop44
Internet in space - Networkshop44Internet in space - Networkshop44
Internet in space - Networkshop44Jisc
 
Application of Assent in the safe - Networkshop44
Application of Assent in the safe -  Networkshop44Application of Assent in the safe -  Networkshop44
Application of Assent in the safe - Networkshop44Jisc
 
How to view a project, as a junior engineer - Networkshop44
How to view a project, as a junior engineer - Networkshop44How to view a project, as a junior engineer - Networkshop44
How to view a project, as a junior engineer - Networkshop44Jisc
 
Trust and identity in the Géant project - Networkshop44
Trust and identity in the Géant project - Networkshop44Trust and identity in the Géant project - Networkshop44
Trust and identity in the Géant project - Networkshop44Jisc
 
Professional development processes - Networkshop44
Professional development processes -  Networkshop44Professional development processes -  Networkshop44
Professional development processes - Networkshop44Jisc
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 
Attracting, recruiting and retaining staff - Networkshop44
Attracting, recruiting and retaining staff - Networkshop44Attracting, recruiting and retaining staff - Networkshop44
Attracting, recruiting and retaining staff - Networkshop44Jisc
 
Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment  - Networkshop44Greenbone vulnerability assessment  - Networkshop44
Greenbone vulnerability assessment - Networkshop44Jisc
 
Eduroam seminar - Networkshop44 2016
Eduroam seminar - Networkshop44 2016Eduroam seminar - Networkshop44 2016
Eduroam seminar - Networkshop44 2016Jisc
 
IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44Jisc
 
Network performance lessons from the coal face - Networkshop44
Network performance lessons from the coal face - Networkshop44Network performance lessons from the coal face - Networkshop44
Network performance lessons from the coal face - Networkshop44Jisc
 
End to end performance - Networkshop44
End to end performance -  Networkshop44End to end performance -  Networkshop44
End to end performance - Networkshop44Jisc
 
Jisc update janet6 upgrade networkshop44
Jisc update janet6 upgrade   networkshop44Jisc update janet6 upgrade   networkshop44
Jisc update janet6 upgrade networkshop44Jisc
 
Edupert best practices in supporting end users - Networkshop44
Edupert best practices in supporting end users - Networkshop44Edupert best practices in supporting end users - Networkshop44
Edupert best practices in supporting end users - Networkshop44Jisc
 
Finding vulnerabilities - networkshop44
Finding vulnerabilities  - networkshop44Finding vulnerabilities  - networkshop44
Finding vulnerabilities - networkshop44Jisc
 
Development of Jisc security programme - Networkshop44
Development of Jisc security programme - Networkshop44Development of Jisc security programme - Networkshop44
Development of Jisc security programme - Networkshop44Jisc
 
Data networking at UCL - Networkshop44
Data networking at UCL - Networkshop44Data networking at UCL - Networkshop44
Data networking at UCL - Networkshop44Jisc
 
Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44Jisc
 
Dealing with pervasive monitoring - Networkshop44
Dealing with pervasive monitoring - Networkshop44Dealing with pervasive monitoring - Networkshop44
Dealing with pervasive monitoring - Networkshop44Jisc
 
Data centre networking at the University of Bristol - Networkshop44
Data centre networking at the University of Bristol  - Networkshop44Data centre networking at the University of Bristol  - Networkshop44
Data centre networking at the University of Bristol - Networkshop44Jisc
 

Destaque (20)

Internet in space - Networkshop44
Internet in space - Networkshop44Internet in space - Networkshop44
Internet in space - Networkshop44
 
Application of Assent in the safe - Networkshop44
Application of Assent in the safe -  Networkshop44Application of Assent in the safe -  Networkshop44
Application of Assent in the safe - Networkshop44
 
How to view a project, as a junior engineer - Networkshop44
How to view a project, as a junior engineer - Networkshop44How to view a project, as a junior engineer - Networkshop44
How to view a project, as a junior engineer - Networkshop44
 
Trust and identity in the Géant project - Networkshop44
Trust and identity in the Géant project - Networkshop44Trust and identity in the Géant project - Networkshop44
Trust and identity in the Géant project - Networkshop44
 
Professional development processes - Networkshop44
Professional development processes -  Networkshop44Professional development processes -  Networkshop44
Professional development processes - Networkshop44
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
 
Attracting, recruiting and retaining staff - Networkshop44
Attracting, recruiting and retaining staff - Networkshop44Attracting, recruiting and retaining staff - Networkshop44
Attracting, recruiting and retaining staff - Networkshop44
 
Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment  - Networkshop44Greenbone vulnerability assessment  - Networkshop44
Greenbone vulnerability assessment - Networkshop44
 
Eduroam seminar - Networkshop44 2016
Eduroam seminar - Networkshop44 2016Eduroam seminar - Networkshop44 2016
Eduroam seminar - Networkshop44 2016
 
IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44
 
Network performance lessons from the coal face - Networkshop44
Network performance lessons from the coal face - Networkshop44Network performance lessons from the coal face - Networkshop44
Network performance lessons from the coal face - Networkshop44
 
End to end performance - Networkshop44
End to end performance -  Networkshop44End to end performance -  Networkshop44
End to end performance - Networkshop44
 
Jisc update janet6 upgrade networkshop44
Jisc update janet6 upgrade   networkshop44Jisc update janet6 upgrade   networkshop44
Jisc update janet6 upgrade networkshop44
 
Edupert best practices in supporting end users - Networkshop44
Edupert best practices in supporting end users - Networkshop44Edupert best practices in supporting end users - Networkshop44
Edupert best practices in supporting end users - Networkshop44
 
Finding vulnerabilities - networkshop44
Finding vulnerabilities  - networkshop44Finding vulnerabilities  - networkshop44
Finding vulnerabilities - networkshop44
 
Development of Jisc security programme - Networkshop44
Development of Jisc security programme - Networkshop44Development of Jisc security programme - Networkshop44
Development of Jisc security programme - Networkshop44
 
Data networking at UCL - Networkshop44
Data networking at UCL - Networkshop44Data networking at UCL - Networkshop44
Data networking at UCL - Networkshop44
 
Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44
 
Dealing with pervasive monitoring - Networkshop44
Dealing with pervasive monitoring - Networkshop44Dealing with pervasive monitoring - Networkshop44
Dealing with pervasive monitoring - Networkshop44
 
Data centre networking at the University of Bristol - Networkshop44
Data centre networking at the University of Bristol  - Networkshop44Data centre networking at the University of Bristol  - Networkshop44
Data centre networking at the University of Bristol - Networkshop44
 

Semelhante a Abuse helper app - Networkshop44

Best Practices For Sharing Data Across The Enteprrise
Best Practices For Sharing Data Across The EnteprriseBest Practices For Sharing Data Across The Enteprrise
Best Practices For Sharing Data Across The EnteprriseSplunk
 
Taking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerTaking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerSplunk
 
The Present and Future of Serverless Observability
The Present and Future of Serverless ObservabilityThe Present and Future of Serverless Observability
The Present and Future of Serverless ObservabilityC4Media
 
Introduction to Streaming Analytics
Introduction to Streaming AnalyticsIntroduction to Streaming Analytics
Introduction to Streaming AnalyticsGuido Schmutz
 
WJAX 2019 - Taking Distributed Tracing to the next level
WJAX 2019 - Taking Distributed Tracing to the next levelWJAX 2019 - Taking Distributed Tracing to the next level
WJAX 2019 - Taking Distributed Tracing to the next levelFrank Pfleger
 
2014-12-16 defense news - shutdown the hackers
2014-12-16  defense news - shutdown the hackers2014-12-16  defense news - shutdown the hackers
2014-12-16 defense news - shutdown the hackersShawn Wells
 
Splunk Enterprise for InfoSec Hands-On Breakout Session
Splunk Enterprise for InfoSec Hands-On Breakout SessionSplunk Enterprise for InfoSec Hands-On Breakout Session
Splunk Enterprise for InfoSec Hands-On Breakout SessionSplunk
 
Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...
Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...
Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...Splunk
 
Taking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerTaking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerSplunk
 
Jisc and janet network updates from network operations, operational services ...
Jisc and janet network updates from network operations, operational services ...Jisc and janet network updates from network operations, operational services ...
Jisc and janet network updates from network operations, operational services ...Jisc
 
Primend Pilvekonverents - Azure Infrastruktuur
Primend Pilvekonverents - Azure InfrastruktuurPrimend Pilvekonverents - Azure Infrastruktuur
Primend Pilvekonverents - Azure InfrastruktuurPrimend
 
Nuix webinar presentation: See the bigger picture faster – early case assessm...
Nuix webinar presentation: See the bigger picture faster – early case assessm...Nuix webinar presentation: See the bigger picture faster – early case assessm...
Nuix webinar presentation: See the bigger picture faster – early case assessm...Nina Ananiasvili
 
Introduction to Stream Processing
Introduction to Stream ProcessingIntroduction to Stream Processing
Introduction to Stream ProcessingGuido Schmutz
 
The art of the event streaming application: streams, stream processors and sc...
The art of the event streaming application: streams, stream processors and sc...The art of the event streaming application: streams, stream processors and sc...
The art of the event streaming application: streams, stream processors and sc...confluent
 
Kafka summit SF 2019 - the art of the event-streaming app
Kafka summit SF 2019 - the art of the event-streaming appKafka summit SF 2019 - the art of the event-streaming app
Kafka summit SF 2019 - the art of the event-streaming appNeil Avery
 
Adventures in Real-World Data Science
Adventures in Real-World Data ScienceAdventures in Real-World Data Science
Adventures in Real-World Data Scienceroblund
 
The present and future of serverless observability
The present and future of serverless observabilityThe present and future of serverless observability
The present and future of serverless observabilityYan Cui
 
Filtering From the Firehose: Real Time Social Media Streaming
Filtering From the Firehose: Real Time Social Media StreamingFiltering From the Firehose: Real Time Social Media Streaming
Filtering From the Firehose: Real Time Social Media StreamingCloud Elements
 
SDM (Standardized Data Management) - A Dynamic Adaptive Ingestion Frameworks ...
SDM (Standardized Data Management) - A Dynamic Adaptive Ingestion Frameworks ...SDM (Standardized Data Management) - A Dynamic Adaptive Ingestion Frameworks ...
SDM (Standardized Data Management) - A Dynamic Adaptive Ingestion Frameworks ...DataWorks Summit
 

Semelhante a Abuse helper app - Networkshop44 (20)

Best Practices For Sharing Data Across The Enteprrise
Best Practices For Sharing Data Across The EnteprriseBest Practices For Sharing Data Across The Enteprrise
Best Practices For Sharing Data Across The Enteprrise
 
Taking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerTaking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - Manager
 
The Present and Future of Serverless Observability
The Present and Future of Serverless ObservabilityThe Present and Future of Serverless Observability
The Present and Future of Serverless Observability
 
Introduction to Streaming Analytics
Introduction to Streaming AnalyticsIntroduction to Streaming Analytics
Introduction to Streaming Analytics
 
WJAX 2019 - Taking Distributed Tracing to the next level
WJAX 2019 - Taking Distributed Tracing to the next levelWJAX 2019 - Taking Distributed Tracing to the next level
WJAX 2019 - Taking Distributed Tracing to the next level
 
2014-12-16 defense news - shutdown the hackers
2014-12-16  defense news - shutdown the hackers2014-12-16  defense news - shutdown the hackers
2014-12-16 defense news - shutdown the hackers
 
Splunk Enterprise for InfoSec Hands-On Breakout Session
Splunk Enterprise for InfoSec Hands-On Breakout SessionSplunk Enterprise for InfoSec Hands-On Breakout Session
Splunk Enterprise for InfoSec Hands-On Breakout Session
 
Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...
Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...
Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...
 
Taking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerTaking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - Manager
 
Jisc and janet network updates from network operations, operational services ...
Jisc and janet network updates from network operations, operational services ...Jisc and janet network updates from network operations, operational services ...
Jisc and janet network updates from network operations, operational services ...
 
Primend Pilvekonverents - Azure Infrastruktuur
Primend Pilvekonverents - Azure InfrastruktuurPrimend Pilvekonverents - Azure Infrastruktuur
Primend Pilvekonverents - Azure Infrastruktuur
 
Nuix webinar presentation: See the bigger picture faster – early case assessm...
Nuix webinar presentation: See the bigger picture faster – early case assessm...Nuix webinar presentation: See the bigger picture faster – early case assessm...
Nuix webinar presentation: See the bigger picture faster – early case assessm...
 
Introduction to Stream Processing
Introduction to Stream ProcessingIntroduction to Stream Processing
Introduction to Stream Processing
 
IoT & Azure
IoT & AzureIoT & Azure
IoT & Azure
 
The art of the event streaming application: streams, stream processors and sc...
The art of the event streaming application: streams, stream processors and sc...The art of the event streaming application: streams, stream processors and sc...
The art of the event streaming application: streams, stream processors and sc...
 
Kafka summit SF 2019 - the art of the event-streaming app
Kafka summit SF 2019 - the art of the event-streaming appKafka summit SF 2019 - the art of the event-streaming app
Kafka summit SF 2019 - the art of the event-streaming app
 
Adventures in Real-World Data Science
Adventures in Real-World Data ScienceAdventures in Real-World Data Science
Adventures in Real-World Data Science
 
The present and future of serverless observability
The present and future of serverless observabilityThe present and future of serverless observability
The present and future of serverless observability
 
Filtering From the Firehose: Real Time Social Media Streaming
Filtering From the Firehose: Real Time Social Media StreamingFiltering From the Firehose: Real Time Social Media Streaming
Filtering From the Firehose: Real Time Social Media Streaming
 
SDM (Standardized Data Management) - A Dynamic Adaptive Ingestion Frameworks ...
SDM (Standardized Data Management) - A Dynamic Adaptive Ingestion Frameworks ...SDM (Standardized Data Management) - A Dynamic Adaptive Ingestion Frameworks ...
SDM (Standardized Data Management) - A Dynamic Adaptive Ingestion Frameworks ...
 

Mais de Jisc

Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxJisc
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxJisc
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Jisc
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...Jisc
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptxJisc
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxJisc
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxJisc
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxJisc
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJisc
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxJisc
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber EssentialsJisc
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptxJisc
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptxJisc
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxJisc
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptxJisc
 
ExpertsknightOct23.pptx
ExpertsknightOct23.pptxExpertsknightOct23.pptx
ExpertsknightOct23.pptxJisc
 
BeyondBlended17Oct23.pptx
BeyondBlended17Oct23.pptxBeyondBlended17Oct23.pptx
BeyondBlended17Oct23.pptxJisc
 

Mais de Jisc (20)

Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptx
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptx
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptx
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptx
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptx
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptx
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptx
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptx
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptx
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptx
 
ExpertsknightOct23.pptx
ExpertsknightOct23.pptxExpertsknightOct23.pptx
ExpertsknightOct23.pptx
 
BeyondBlended17Oct23.pptx
BeyondBlended17Oct23.pptxBeyondBlended17Oct23.pptx
BeyondBlended17Oct23.pptx
 

Último

Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....Riddhi Kevadiya
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?TechSoup
 
How to Create a Toggle Button in Odoo 17
How to Create a Toggle Button in Odoo 17How to Create a Toggle Button in Odoo 17
How to Create a Toggle Button in Odoo 17Celine George
 
Over the counter (OTC)- Sale, rational use.pptx
Over the counter (OTC)- Sale, rational use.pptxOver the counter (OTC)- Sale, rational use.pptx
Over the counter (OTC)- Sale, rational use.pptxraviapr7
 
How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17Celine George
 
How to Solve Singleton Error in the Odoo 17
How to Solve Singleton Error in the  Odoo 17How to Solve Singleton Error in the  Odoo 17
How to Solve Singleton Error in the Odoo 17Celine George
 
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINTARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINTDR. SNEHA NAIR
 
The basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxThe basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxheathfieldcps1
 
EBUS5423 Data Analytics and Reporting Bl
EBUS5423 Data Analytics and Reporting BlEBUS5423 Data Analytics and Reporting Bl
EBUS5423 Data Analytics and Reporting BlDr. Bruce A. Johnson
 
Optical Fibre and It's Applications.pptx
Optical Fibre and It's Applications.pptxOptical Fibre and It's Applications.pptx
Optical Fibre and It's Applications.pptxPurva Nikam
 
Prescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxPrescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxraviapr7
 
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptxSandy Millin
 
SOLIDE WASTE in Cameroon,,,,,,,,,,,,,,,,,,,,,,,,,,,.pptx
SOLIDE WASTE in Cameroon,,,,,,,,,,,,,,,,,,,,,,,,,,,.pptxSOLIDE WASTE in Cameroon,,,,,,,,,,,,,,,,,,,,,,,,,,,.pptx
SOLIDE WASTE in Cameroon,,,,,,,,,,,,,,,,,,,,,,,,,,,.pptxSyedNadeemGillANi
 
How to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesHow to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesCeline George
 
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...Dr. Asif Anas
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.EnglishCEIPdeSigeiro
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICESayali Powar
 
Vani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
Vani Magazine - Quarterly Magazine of Seshadripuram Educational TrustVani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
Vani Magazine - Quarterly Magazine of Seshadripuram Educational TrustSavipriya Raghavendra
 

Último (20)

Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?
 
March 2024 Directors Meeting, Division of Student Affairs and Academic Support
March 2024 Directors Meeting, Division of Student Affairs and Academic SupportMarch 2024 Directors Meeting, Division of Student Affairs and Academic Support
March 2024 Directors Meeting, Division of Student Affairs and Academic Support
 
How to Create a Toggle Button in Odoo 17
How to Create a Toggle Button in Odoo 17How to Create a Toggle Button in Odoo 17
How to Create a Toggle Button in Odoo 17
 
Over the counter (OTC)- Sale, rational use.pptx
Over the counter (OTC)- Sale, rational use.pptxOver the counter (OTC)- Sale, rational use.pptx
Over the counter (OTC)- Sale, rational use.pptx
 
How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17
 
How to Solve Singleton Error in the Odoo 17
How to Solve Singleton Error in the  Odoo 17How to Solve Singleton Error in the  Odoo 17
How to Solve Singleton Error in the Odoo 17
 
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINTARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
 
The basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxThe basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptx
 
Personal Resilience in Project Management 2 - TV Edit 1a.pdf
Personal Resilience in Project Management 2 - TV Edit 1a.pdfPersonal Resilience in Project Management 2 - TV Edit 1a.pdf
Personal Resilience in Project Management 2 - TV Edit 1a.pdf
 
EBUS5423 Data Analytics and Reporting Bl
EBUS5423 Data Analytics and Reporting BlEBUS5423 Data Analytics and Reporting Bl
EBUS5423 Data Analytics and Reporting Bl
 
Optical Fibre and It's Applications.pptx
Optical Fibre and It's Applications.pptxOptical Fibre and It's Applications.pptx
Optical Fibre and It's Applications.pptx
 
Prescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxPrescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptx
 
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
 
SOLIDE WASTE in Cameroon,,,,,,,,,,,,,,,,,,,,,,,,,,,.pptx
SOLIDE WASTE in Cameroon,,,,,,,,,,,,,,,,,,,,,,,,,,,.pptxSOLIDE WASTE in Cameroon,,,,,,,,,,,,,,,,,,,,,,,,,,,.pptx
SOLIDE WASTE in Cameroon,,,,,,,,,,,,,,,,,,,,,,,,,,,.pptx
 
How to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesHow to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 Sales
 
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICE
 
Vani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
Vani Magazine - Quarterly Magazine of Seshadripuram Educational TrustVani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
Vani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
 

Abuse helper app - Networkshop44

  • 2. #nsw44 How we currently process abuse intel RTIR Report comes in Incident handler is alerted to new ticket Script parses data and creates tickets Incident handler processes report using home-grown script Data distributed to organisations as part of ticket creation process
  • 3. #nsw44 How we currently process abuse intel 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all) RTIR Report comes in Incident handler is alerted to new ticket Script parses data and adds data to existing ticket Incident handler checks ticket for new data Incident handler sends data on to site
  • 4. #nsw44 Process review findings »Shadowserver data delay ~24hrs »Getting the latest data sent out requires intervention by an incident handler »Incomplete data is sometimes sent out making investigations difficult »A response is often not required and creates unnecessary work for both parties 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 5. #nsw44 The landscape is evolving »Major vulnerabilities are being disclosed »More open/insecure services reachable via the internet »Malware is frequently becoming more complex »Guest networks and BYOD == Larger attack surface! »Increase in intel data and available feeds = security teams are processing a substantial amount of data »This means that we need to automate more! 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 6. #nsw44 We know we can do much better! »Faster processing »Timely reporting »All data should be actionable and relevant »Must communicate clearly when an acknowledgement or response is required 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 7. #nsw44 AbuseHelper »AbuseHelper or AbuseSA automates the collection, processing and reporting of intelligence and abuse data to help organisations secure their networks »Developed by Codenomicon a branch of Synopsys 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 8. #nsw44 AbuseHelper –What is it? The core of AbuseHelper is a framework to help with automating the distribution of abuse information in three steps: »Input feeds »Processing »Output 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 9. #nsw44 AbuseHelper – Input feeds »Shadowserver »Codenomicon sinkhole »Abuse.ch »Team-Cymru »Phishtank »Microsoft CTIP 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 10. #nsw44 AbuseHelper - Processing Processing the events from these feeds. »Augmenting »Sanitizing »De-duplicating »Filtering »Adding additional data (GeoIP,Whois, CRM, ASN lookups) 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 11. #nsw44 AbuseHelper - Output Sending out actionable reports to our customers. Outputs supported by AbuseHelper: »Direct emails »XMPP feeds »Incident handling systems »Updating firewall rules »CSV »JSON In the last couple of weeks 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 12. #nsw44 Options available to you! »Customers can specify how they want their data »Reporting style – do you want reports per-IP or aggregated per- org? »Reporting frequency is based on reporting style: › Per-IP = near real time › Aggregated = every 12 hours or daily 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 13. #nsw44 Incident walkthrough 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all) Input feeds Processing Output
  • 14. #nsw44 Input feed »Each feed bot will frequently poll its source and retrieve data for ASN786 »Once retrieved, each bot will store the data in an XMPP chat room 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 15. #nsw44 Incident walkthrough 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all) Input feeds Processing Output
  • 16. #nsw44 Data Processing The processing stage allows us to customise certain aspects of the data we receive from each feed. We will: »Filter out reports with “missing data” »Remove duplicate entries »Run whois lookups to find correct contacts »Run GeoIP lookups on IP address »Retrieve reporting style for each customer Once this work has been completed, the report is now ready to be outputted. 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 17. #nsw44 Incident walkthrough 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all) Input feeds Processing Output
  • 18. #nsw44 Data output/distribution »The output stage is where we send the information to you »Once the processing stage is complete, what’s left will be an actionable report with the relevant contact details appended »An “RTIR bot” will then connect to our RTIR instance and send out data depending on the reporting style configured 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 19. #nsw44 Customer interaction »All reports will come from intelligence@csirt.ja.net »We will no longer require a response to issues from this address »RTIR reference number included with each report »Feel free to ask for assistance »Provide feedback where relevant (samples, C&C hosts, pcaps, proxy logs) 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 20. #nsw44 How does this improve things for you? ✓Faster processing ✓Timely reporting ✓All data will be actionable ✓Must communicate clearly when an acknowledgement or response is required ✓Sites will have more information to help secure their networks 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 21. #nsw44 How does this improve things for Janet CSIRT? Use of automation where possible to enable us to use our time for: »Research »Writing more best practice and advisory documents »Proactive “hunting” »Improve existing services and tools »Develop new services and tools 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 22. #nsw44 Situational Awareness »AbuseHelper provides a range of visualisation options giving us a better view and understanding of the state of security on the Janet network »We can see where we’ve improved as a network »Help identify where we could or should focus our efforts 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 23. #nsw44 Visualisation example 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 24. #nsw44 Visualisation example 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 25. #nsw44 Visualisation example 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 26. #nsw44 Visualisation example 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 27. #nsw44 Where we are currently »Around 100 Jisc customers currently receiving AbuseHelper reporting »Deployment has been slow due to efforts on other projects »Currently only processing ShadowServer data »Feedback from the initial pilot organisations is positive »Looking for all customers active by June »If you want to be added sooner please get in contact 24/03/2016 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 28. #nsw44 jisc.ac.uk Thanks for listening! Lee Harrigan-Green Senior Security Architect Lee.Harrigan-Green@jisc.ac.uk