Colby DeRodeff
Chief Technology Officer
Modern Honey Network (MHN)
Open Source Honeynet Management Platform
Jason Trost
@jason_trost
jason.trost [AT] threatstream [DOT] com
Who am I
• Jason Trost (@jason_trost)
• Senior Analytics Engineer at ThreatStream
• Formerly at Endgame, Booz Allen, Dept. of Defense, Sandia Nat’l Labs
• Background in Big Data Security Analytics
• Big advocate of open source and open source contributor
– Binary Pig – framework for large-scale static analysis using Hadoop
– Apache Accumulo – Pig integration, Python integration, Analytics
– Apache Storm
– Elasticsearch plugins
www.threatstream.com © 2014 threatstream Confidential 2
ThreatStream
• Cyber Security company founded in 2013 and recently
closed Series A round with Google Ventures and Paladin
Capital Group.
• SaaS based enterprise security software that provides
actionable threat intelligence to large enterprises and
government agencies.
• Our customers hail from the financial services, retail,
energy, and technology sectors.
Agenda
• Background
• The Problem
• What is MHN
• MHN Architecture
• Demo
• Wrap-up
Background
• Honeypots can be very useful
– Esp. if deployed behind your firewall
– Catch internal scanning hosts
– Early warning system
• Honeypot and network sensor data is useful, esp. at scale
– Threat feeds
– Reputation engine
– Attack trends
– Is this IP only attacking me? Or others?
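Added example, not code from the deck or from the MHN project: the cross-sensor correlation the Background bullets describe, in Python. It runs over constructed events whose field names (sensor, src_ip, dst_port, ts) are this example's assumption rather than MHN's or Mnemosyne's real schema, and tags each source IP as internal (RFC 1918 space), as a scanner (several distinct destination ports within a short window), and as multi-sensor (seen by more than one honeypot, so not only attacking "me"). The external addresses come from the IANA documentation ranges.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified normalized shape; the field names are an
# assumption of this example, not MHN's or Mnemosyne's actual schema. 10.20.30.40 is an
# internal host sweeping ports on two honeypots, 198.51.100.7 hits one port on two
# sensors, 203.0.113.9 is background noise (documentation-range addresses).
EVENTS = [
    {"sensor": "dionaea-dc1", "src_ip": "10.20.30.40",  "dst_port": 445,  "ts": "2014-06-01T10:00:01"},
    {"sensor": "dionaea-dc1", "src_ip": "10.20.30.40",  "dst_port": 21,   "ts": "2014-06-01T10:00:02"},
    {"sensor": "dionaea-dc1", "src_ip": "10.20.30.40",  "dst_port": 1433, "ts": "2014-06-01T10:00:03"},
    {"sensor": "conpot-dc2",  "src_ip": "10.20.30.40",  "dst_port": 502,  "ts": "2014-06-01T10:00:09"},
    {"sensor": "dionaea-dc1", "src_ip": "198.51.100.7", "dst_port": 445,  "ts": "2014-06-01T11:12:00"},
    {"sensor": "dionaea-aws", "src_ip": "198.51.100.7", "dst_port": 445,  "ts": "2014-06-01T11:12:30"},
    {"sensor": "dionaea-aws", "src_ip": "203.0.113.9",  "dst_port": 3306, "ts": "2014-06-01T11:20:00"},
    {"sensor": "dionaea-aws", "src_ip": "203.0.113.9",  "dst_port": 3306, "ts": "2014-06-02T11:20:00"},
]

# "Internal" here means RFC 1918 space; extend this list to match your own address plan.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def by_source(events):
    """Group events per source IP as (timestamp, dst_port, sensor) tuples sorted by time."""
    groups = defaultdict(list)
    for ev in events:
        groups[ev["src_ip"]].append((datetime.fromisoformat(ev["ts"]), ev["dst_port"], ev["sensor"]))
    for hits in groups.values():
        hits.sort()
    return groups

def distinct_ports_in_window(hits, window_s):
    """Most distinct destination ports one source touched within any window_s seconds."""
    window = timedelta(seconds=window_s)
    best = 0
    for i, (t0, _, _) in enumerate(hits):
        ports = {port for t, port, _ in hits[i:] if t - t0 <= window}
        best = max(best, len(ports))
    return best

def classify(events, min_ports=3, window_s=60):
    """Tag each source IP: 'internal' (RFC 1918), 'scanner' (at least min_ports distinct
    ports within window_s seconds), 'multi-sensor' (seen by more than one honeypot)."""
    result = {}
    for src, hits in by_source(events).items():
        tags = []
        if is_internal(src):
            tags.append("internal")
        if distinct_ports_in_window(hits, window_s) >= min_ports:
            tags.append("scanner")
        if len({sensor for _, _, sensor in hits}) > 1:
            tags.append("multi-sensor")
        result[src] = tags
    return result

def early_warnings(events, **kw):
    """Internal hosts that scan honeypots: the early-warning case from the deck."""
    return sorted(ip for ip, tags in classify(events, **kw).items()
                  if "internal" in tags and "scanner" in tags)
```

The thresholds (3 ports in 60 seconds) are deliberately low for the sample; on a real deployment tune them per sensor type, since a Conpot sensor sees far fewer legitimate ports than a Dionaea one, and feed the "internal" plus "scanner" hits to the SIEM first.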
The Problem
• Deploying/Managing Honeypots is difficult
• These activities are harder than they should be:
– Installing Honeypot packages
– Managing Honeypot sensors
– Setting up data flows
– Analyzing the collected data
• Because of this, honeypots are not used as much as they
could be in production
• We hope to change that
What is MHN
• Modern Honey Network
• Open source platform for managing honeypots, collecting and analyzing
their data
• Makes it very easy to deploy new honeypots and get data flowing
• Leverages some existing open source tools
– hpfeeds
– mnemosyne
– honeymap
– MongoDB
– Dionaea, Conpot, Snort
– Soon: Suricata, Kippo, others
Honeypot Management
• MHN Automates management tasks
• Deploying new honeypots
• Setting up data flows using hpfeeds
• Store and index the resulting data
• Correlate with IP Geo data
• Real-time visualization
Architecture
Architecture diagram (text recovered from the slide): sensors running snort, conpot, dionaea, or YOURS (your own sensor) publish events over hpfeeds to the MHN server, which runs Mnemosyne, the Webapp, the REST API, and honeymap; 3rd party apps consume the data from MHN.
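Added example, not code from the deck or from the MHN or hpfeeds projects: a Python implementation of the hpfeeds framing and connect exchange that sits between the sensors and the MHN server in the architecture above (the "data flows using hpfeeds" bullet). The wire format follows the reference hpfeeds client: a 4-byte big-endian total length that includes the 5-byte header, a 1-byte opcode, one-byte length-prefixed strings, and an AUTH hash of SHA-1(nonce + secret). The Broker class, its credential table (ident -> (secret, publish channels, subscribe channels)), the 4-byte nonce size and the 10 MiB frame cap are this example's assumptions.

```python
import hashlib
import hmac
import os
import struct
# hpfeeds opcodes and header, as used by the reference hpfeeds client and broker.
OP_ERROR, OP_INFO, OP_AUTH, OP_PUBLISH, OP_SUBSCRIBE = 0, 1, 2, 3, 4
HDR = struct.Struct("!IB")      # total frame length (header included), opcode

def strpack8(s):
    """hpfeeds string encoding: one-byte length prefix followed by the bytes."""
    b = s.encode("utf-8") if isinstance(s, str) else s
    if len(b) > 255:
        raise ValueError("hpfeeds strings are limited to 255 bytes")
    return struct.pack("!B", len(b)) + b

def frame(op, body):
    return HDR.pack(HDR.size + len(body), op) + body

def msg_info(broker_name, nonce):           # broker -> client, first frame after connect
    return frame(OP_INFO, strpack8(broker_name) + nonce)

def msg_auth(nonce, ident, secret):         # client -> broker, proves knowledge of secret
    digest = hashlib.sha1(nonce + secret.encode("utf-8")).digest()
    return frame(OP_AUTH, strpack8(ident) + digest)

def msg_publish(ident, channel, payload):   # sensor -> broker
    return frame(OP_PUBLISH, strpack8(ident) + strpack8(channel) + payload)

def msg_subscribe(ident, channel):          # consumer (e.g. Mnemosyne) -> broker
    return frame(OP_SUBSCRIBE, strpack8(ident) + channel.encode("utf-8"))

def _str8(buf, off):
    if off >= len(buf) or off + 1 + buf[off] > len(buf):
        raise ValueError("truncated string field")
    n = buf[off]
    return buf[off + 1:off + 1 + n], off + 1 + n

def parse_frame(buf):
    """Parse one frame: (op, fields, remaining bytes), or None if buf is still incomplete."""
    if len(buf) < HDR.size:
        return None
    total, op = HDR.unpack_from(buf)
    if total < HDR.size or total > 10 * 1024 * 1024:   # size cap is this example's choice
        raise ValueError("bad frame length %d" % total)
    if len(buf) < total:
        return None
    body, rest = buf[HDR.size:total], buf[total:]
    if op == OP_INFO:
        name, off = _str8(body, 0)
        fields = {"name": name, "nonce": body[off:]}
    elif op == OP_AUTH:
        ident, off = _str8(body, 0)
        fields = {"ident": ident, "hash": body[off:]}
    elif op == OP_PUBLISH:
        ident, off = _str8(body, 0)
        chan, off = _str8(body, off)
        fields = {"ident": ident, "channel": chan, "payload": body[off:]}
    elif op == OP_SUBSCRIBE:
        ident, off = _str8(body, 0)
        fields = {"ident": ident, "channel": body[off:]}
    elif op == OP_ERROR:
        fields = {"message": body}
    else:
        raise ValueError("unknown opcode %d" % op)
    return op, fields, rest

class Broker:
    # Broker-side state for one client connection (this example's design, not hpfeeds' code).
    # creds maps ident -> (secret, publish channels, subscribe channels).
    def __init__(self, name, creds):
        self.name, self.creds, self.ident = name, creds, None
        self.nonce = os.urandom(4)          # fresh challenge for this connection
    def hello(self):
        return msg_info(self.name, self.nonce)
    def handle(self, raw):
        """Process one client frame; returns ('ok', detail) or ('error', reason)."""
        parsed = parse_frame(raw)
        if parsed is None:
            return ("error", "incomplete frame")
        op, f, _ = parsed
        if op == OP_AUTH:
            ident = f["ident"].decode("utf-8")
            cred = self.creds.get(ident)
            if cred is None:
                return ("error", "unknown ident")
            expected = hashlib.sha1(self.nonce + cred[0].encode("utf-8")).digest()
            if not hmac.compare_digest(expected, f["hash"]):   # constant-time compare
                return ("error", "bad secret")
            self.ident = ident
            return ("ok", "authenticated " + ident)
        if op not in (OP_PUBLISH, OP_SUBSCRIBE):
            return ("error", "unexpected opcode %d" % op)
        if self.ident is None:
            return ("error", "not authenticated")
        if f["ident"].decode("utf-8") != self.ident:
            return ("error", "ident does not match authenticated identity")
        chan = f["channel"].decode("utf-8")
        _, pubchans, subchans = self.creds[self.ident]
        if op == OP_PUBLISH:
            return ("ok", (chan, f["payload"])) if chan in pubchans else ("error", "publish denied: " + chan)
        return ("ok", ("subscribed", chan)) if chan in subchans else ("error", "subscribe denied: " + chan)
```

A sensor connects, reads INFO, answers AUTH, then streams PUBLISH frames; Mnemosyne authenticates the same way and sends SUBSCRIBE. The point worth noticing is what the exchange does not give you: the base hpfeeds stream is plaintext and only the client is authenticated, so keep the broker on a trusted network or behind a TLS tunnel, give every sensor its own ident and secret with publish-only rights on its channels (a compromised sensor then cannot read the other sensors' events or impersonate them), and treat the nonce as single-use per connection.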
Demo
Open Source (GPLv3)
github.com/threatstream/MHN
Future Work
• Support for more sensors
– Suricata
– Glastopf
– Shiva
– Kippo
• CEF output for SIEM integration
• Better support for Redhat/Centos sensors
• More data search/exploration options
Questions
Contact
• Jason Trost
• @jason_trost
• jason.trost [AT] threatstream [DOT] com
• github.com/jt6211

Cyaniclab : Software Development Agency Portfolio.pdf
 
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAGAI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
 
Studiovity film pre-production and screenwriting software
Studiovity film pre-production and screenwriting softwareStudiovity film pre-production and screenwriting software
Studiovity film pre-production and screenwriting software
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
 
Crafting the Perfect Measurement Sheet with PLM Integration
Crafting the Perfect Measurement Sheet with PLM IntegrationCrafting the Perfect Measurement Sheet with PLM Integration
Crafting the Perfect Measurement Sheet with PLM Integration
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
 
Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...
Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...
Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...
 
Top Mobile App Development Companies 2024
Top Mobile App Development Companies 2024Top Mobile App Development Companies 2024
Top Mobile App Development Companies 2024
 

Modern Honey Network (MHN)

  • 7. What is MHN
    • Modern Honey Network
    • Open source platform for managing honeypots, collecting and analyzing their data
    • Makes it very easy to deploy new honeypots and get data flowing
    • Leverages some existing open source tools
      – hpfeeds
      – Mnemosyne
      – honeymap
      – MongoDB
      – Dionaea, Conpot, Snort
      – Soon: Suricata, Kippo, others
  • 8. Honeypot Management
    • MHN automates management tasks
    • Deploying new honeypots
    • Setting up data flows using hpfeeds
    • Storing and indexing the resulting data
    • Correlating with IP geo data
    • Real-time visualization
  • 9. Architecture
    [Architecture diagram: Sensors (snort, conpot, dionaea, and YOURS) → hpfeeds → MHN (Mnemosyne, Webapp, REST API, honeymap) → 3rd party apps]
  • 10. Demo
  • 12. Future Work
    • Support for more sensors
      – Suricata
      – Glastopf
      – Shiva
      – Kippo
    • CEF output for SIEM integration
    • Better support for Redhat/Centos sensors
    • More data search/exploration options
  • 13. Questions
  • 14. Contact
    • Jason Trost
    • @jason_trost
    • jason.trost [AT] threatstream [DOT] com
    • github.com/jt6211
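Slides 8 and 9 describe the data path that MHN automates: each sensor authenticates to an hpfeeds broker and publishes events on a channel, and Mnemosyne subscribes to those channels and stores what arrives. The block below is an added example, not code from MHN, Mnemosyne or the hpfeeds project. It implements the hpfeeds wire framing as found in the hpfeeds reference client (4-byte big-endian length including the header, 1-byte opcode, then length-prefixed ident/channel strings), walks one constructed sensor through the INFO → AUTH → PUBLISH exchange, and shows the broker-side check that makes the shared secret never cross the wire: the client sends sha1(nonce + secret) and the broker recomputes it. The ident, secret, nonce, channel name and JSON payload are all constructed for the example.

```python
"""hpfeeds framing helpers and a broker-side AUTH check (added example)."""
import hashlib
import hmac
import struct

# Opcodes as used by the hpfeeds reference implementation.
OP_ERROR, OP_INFO, OP_AUTH, OP_PUBLISH, OP_SUBSCRIBE = 0, 1, 2, 3, 4


def _pack8(s: bytes) -> bytes:
    """Length-prefixed string with a 1-byte length (hpfeeds 'strpack8')."""
    if len(s) > 255:
        raise ValueError("hpfeeds idents and channel names are at most 255 bytes")
    return struct.pack("!B", len(s)) + s


def _unpack8(buf: bytes, off: int = 0):
    """Inverse of _pack8; returns (value, offset just past it)."""
    n = buf[off]
    return buf[off + 1:off + 1 + n], off + 1 + n


def msghdr(op: int, body: bytes) -> bytes:
    """Frame = total length (header included) + opcode + body."""
    return struct.pack("!iB", 5 + len(body), op) + body


def msg_info(broker_name: bytes, nonce: bytes) -> bytes:
    """Broker -> client greeting carrying the per-connection nonce."""
    return msghdr(OP_INFO, _pack8(broker_name) + nonce)


def msg_auth(nonce: bytes, ident: bytes, secret: bytes) -> bytes:
    """Client -> broker: proves knowledge of the secret without sending it."""
    return msghdr(OP_AUTH, _pack8(ident) + hashlib.sha1(nonce + secret).digest())


def msg_subscribe(ident: bytes, channel: bytes) -> bytes:
    return msghdr(OP_SUBSCRIBE, _pack8(ident) + channel)


def msg_publish(ident: bytes, channel: bytes, payload: bytes) -> bytes:
    return msghdr(OP_PUBLISH, _pack8(ident) + _pack8(channel) + payload)


def parse(buf: bytes) -> dict:
    """Decode one complete frame; rejects truncated, oversized or unknown frames."""
    if len(buf) < 5:
        raise ValueError("short frame")
    length, op = struct.unpack("!iB", buf[:5])
    if length != len(buf):
        raise ValueError("length field %d != frame size %d" % (length, len(buf)))
    body = buf[5:]
    if op == OP_INFO:
        name, off = _unpack8(body)
        return {"op": "info", "name": name, "nonce": body[off:]}
    if op == OP_AUTH:
        ident, off = _unpack8(body)
        return {"op": "auth", "ident": ident, "hash": body[off:]}
    if op == OP_SUBSCRIBE:
        ident, off = _unpack8(body)
        return {"op": "subscribe", "ident": ident, "channel": body[off:]}
    if op == OP_PUBLISH:
        ident, off = _unpack8(body)
        chan, off = _unpack8(body, off)
        return {"op": "publish", "ident": ident, "channel": chan, "payload": body[off:]}
    if op == OP_ERROR:
        return {"op": "error", "message": body}
    raise ValueError("unknown opcode %d" % op)


def broker_check_auth(frame: bytes, nonce: bytes, secrets: dict) -> bool:
    """Broker side: recompute sha1(nonce + secret) for the claimed ident and
    compare in constant time. Unknown idents fail closed."""
    m = parse(frame)
    if m["op"] != "auth":
        return False
    secret = secrets.get(m["ident"])
    if secret is None:
        return False
    return hmac.compare_digest(hashlib.sha1(nonce + secret).digest(), m["hash"])


def demo_handshake():
    """One constructed sensor: INFO -> AUTH (good and bad secret) -> PUBLISH."""
    secrets = {b"sensor-01": b"constructed-secret"}   # constructed credentials
    nonce = b"\x01\x02\x03\x04"                        # broker chooses this per connection
    info = parse(msg_info(b"mhn-broker", nonce))
    good = broker_check_auth(msg_auth(info["nonce"], b"sensor-01", secrets[b"sensor-01"]), nonce, secrets)
    bad = broker_check_auth(msg_auth(info["nonce"], b"sensor-01", b"wrong-secret"), nonce, secrets)
    event = b'{"remote_host": "198.51.100.7", "remote_port": 51234}'   # constructed payload
    pub = parse(msg_publish(b"sensor-01", b"dionaea.connections", event))
    return good, bad, pub["channel"], pub["payload"]


if __name__ == "__main__":
    print(demo_handshake())
```

Because the nonce changes per connection, a captured AUTH frame cannot be replayed against a later session; what the broker must still protect is the secret store itself, since anyone holding a sensor's secret can publish on its channels. The `length != len(buf)` check in `parse` is the place a real subscriber has to be careful, because frames arrive over TCP and may be split or coalesced, so a production reader buffers until the announced length is available before decoding.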

Editor's Notes

  1. Good evening, welcome to our talk on the Modern Honey Network, an open source platform for managing Honeynets
  2. Have you tried setting up hpfeeds based data flows? It is kind of a pain
  3. We also open sourced a small supporting project: https://github.com/threatstream/snort_hpfeeds