Showing how to use our Sinfonier tool. Storm + visual coding

2. Sinfonier Storm Builder
for Security Intelligence
Fran Gomez @ffranz
Leonardo Amor @LeoAmorV

3. Storm Builder for Security Intelligence
Connecting information, delivering intelligence
“ ”

4. Telefonica Group
4
21
Countries
>340m
Customers
120.000
Employees
50.377m
Income

5. Our Employees
5
• Mostly:
• Telco engineers
• Computer Science
• Engineers
• ….
• Science or Scientist people

6. But there also space to:
6
• Lawyers
• Business
administration
• Economist
• Psychologist
• Philologist

7. Diversity
7

8. Diversity
8

9. Ideas explosion
9

10. 10
üUnfortunately yet not everyone knows to code
üFortunately everyday schools are getting it should be one more basic class

11. But… Why we need to code?
11
June 2015 Cover
• Hot topic
• +- 2020 Digital natives workforce
How we are introducing code in our kids?

12. The need of visual coding
12

13. Big Data
13

14. Data Visulization
14

15. 15
Real Time Processing

16. 16
“Apache Storm is a free and open source distributed real time computation system.
Storm makes it easy to reliably process unbounded streams of data, doing for real
time processing what Hadoop did for batch processing. Storm is simple, can be
used with any programming language, and is a lot of fun to use! “
http://storm.apache.org/

17. Where used
17

18. 18
• Extremely broad set of use cases
• Scalable
• Guarantees no data loss
• Extremely robust
• Fault-tolerant
• Programming language agnostic

19. 19
Sinfonier

20. 20
Le chiffonnier est un meuble à
tiroirs apparu sous la Régence. Il
est destiné à ranger le linge. Il
est le plus souvent plus haut que
large et possède généralement
un marbre en guise de dessus.

21. 21
Sinfonier is a change in the focus in respect
to current solutions in the area of processing
information in real-time. We combine an
easy-to-use interface, modular and
adaptable, and we integrate it with an
advanced technological solution to allow you
to do the necessary tune up suitable for your
needs in matters of information security.
Sinfonier is borne out of the cooperation and
knowledge, where any work can be re-used
and the efforts are done in improving the
processing and collection of the new
information which is generated.

22. Our Open project to stream processing
22
=
Drag & Drop
Interface
Automatic
Deploy API
Storm
Cluster

23. Visual Progamming
23

24. Modules
24

25. Topologies
25
DRAIN
BOLT
SPOUT
BOLT
DRAIN
DRAIN
SPOUT

26. Topology life cycle
26

27. Topology life cycle
27
Canvas
User Tools Context Info

28. Topology life cycle
28

29. Advantages
29
Collaborative
scheme
Enable automation
through actionable
intelligence thanks
to a flexible
integration
framework
Facilitate
generation,
enrichment and
dissemination of
cybersecurity data
Leverage on
structured
cyber security
data output
normalization

30. Some Modules
30

31. Some Modules
31

32. Adding Knowledge: Modules
32
• Name: Your module name. Must be
UpperCamelCase
• Icon: Add an image.
• Entity: In order to catalog.
• Type: Choose your type of module. Spout,
Bolt and Drain. Won’t be change.
• Language: Java or Python
• Code: Url point to Gist.github.com
• Description: Describe what you module do.
• Fields: Declare your parameters.

33. Adding Knowledge: Modules
33
GIST LOGO

34. Sharing information – The need of standards
34

35. Sharing information – The need of standards
35
• TAXII™, the Trusted Automated eXchange
of Indicator Information;
• STIX™, the Structured Threat Information
eXpression; and
• CybOX™, the Cyber Observable
eXpression.
https://www.us-cert.gov/Information-Sharing-Specifications-Cybersecurity
Information Sharing Specifications for
Cybersecurity

36. But really what we see lately?
ACNS
Mostly:
Not standards at all…
Automated Copyright Notice System (ACNS) 2.0
20% Rejected due to
missing information
ARF
Abuse Reporting Format
(RFC5965)

37. 37
Time to Play

38. Mobile Threats
38

39. Mobile Threats
39

40. Mobile Threats
40

41. Mobile Threats
41

42. 42
PRODUCTION

43. MSS
43
Security Service Portals
Information
Telefonica´s Proprietary Technology
Technology Global
Local
BIG DATA
Security Analytics Sinfonier
Threats Antifraud Vulnerabilities
Ticketing
Information
Security
Alerts
Security Web Portals OB Ticketing
Tool
SIEM
Availability
Information
Health
Supervision
Alert s
Supervision Tool
Saqqara CA/SC
Saqqara RA
Saqqara Broker
Saqqara Dashboard
Real Time Dashboard with:
• Executive views with critical active incidents
and ticketing information
• Full overview of SLA performance and security
indicators continuously available on the web
portal
• Configurable dashboards according to user needs
• Document Management System
GRC
• Legal and regulatory compliance
management
• Risk management
• Business process modeling
• Business continuity management
• Configurable dashboards with
management metrics and indicators
…
Global
Local Local Local
Local
Local
Global
Global
Cybersecurity Services Managed Security
Services
Tools,Processesand
People
RealTime
Processing
Different
Presentations
Threat Detection
Antifraud
Vulnerability
Management
Global

44. MSS
44
kafka
saqq-
avail
saqq-
health-
alarm
saqq-
ticket
saqq-
security-
alarm
Select
Data Source
1
saqq-
ticket
Ticket_id
Alarm_id
saqq-
security
-alarm
Alarm_id
Detection
date
Notification
date
BIG DATA
CASSANDRA
Notification
Time =
Notification date -
Detection date
Process
data
2 Produce
Results
3
Saqqara
Dashboard
MATCH
Alarm_id
In real time

45. Cyber Security
45
Persistence
Analytics
Queue
Real Time
Processing
Ingestion
Internal
Information
Data
Exploitation
Visualization

46. FiWare
46

47. 47
Join us

48. Sinfonier-project Community
48
Join us:
sinfonier-project.net
@e_Sinfonier
@ffranz @LeoAmorV

49. “ ”
All knowledge is connected to all other knowledge.
The fun is in making the connections
Arthur Aufderheide