diff --git a/Edge_Investigation_vast.ipynb b/Edge_Investigation_vast.ipynb index b6aa306..1d053bb 100644 --- a/Edge_Investigation_vast.ipynb +++ b/Edge_Investigation_vast.ipynb @@ -2,81 +2,7 @@ "cells": [ { "cell_type": "code", - "execution_count": 69, - "metadata": { - "collapsed": false - }, - "outputs": [ - { - "name": "stdout", - "output_type": "stream", - "text": [ - "10.13.77.49 connects: 25\n", - "10.138.235.111 connects: 24\n" - ] - } - ], - "source": [ - "attack_heuristics()" - ] - }, - { - "cell_type": "markdown", - "metadata": {}, - "source": [ - "**Notes**" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": { - "collapsed": true - }, - "outputs": [], - "source": [] - }, - { - "cell_type": "code", - "execution_count": 67, - "metadata": { - "collapsed": false, - "scrolled": true - }, - "outputs": [], - "source": [ - "displaythis()\n", - "#geoip()" - ] - }, - { - "cell_type": "markdown", - "metadata": {}, - "source": [ - "Complete batch risk scoring according to rules" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": { - "collapsed": false - }, - "outputs": [], - "source": [ - "set_rules()" - ] - }, - { - "cell_type": "markdown", - "metadata": {}, - "source": [ - "Run attack heuristics." - ] - }, - { - "cell_type": "code", - "execution_count": 2, + "execution_count": 3, "metadata": { "collapsed": false }, @@ -92,7 +18,8 @@ "name": "stderr", "output_type": "stream", "text": [ - ":0: FutureWarning: IPython widgets are experimental and may change in the future.\n" + "C:\\winpython\\python-3.4.4.amd64\\lib\\site-packages\\IPython\\html.py:14: ShimWarning: The `IPython.html` package has been deprecated. You should import from `notebook` instead. `IPython.html.widgets` has moved to `ipywidgets`.\n", + " \"`IPython.html.widgets` has moved to `ipywidgets`.\", ShimWarning)\n" ] } ], 
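Review bot: The new stderr output recorded in this cell is a ShimWarning that the commit captures rather than resolves: the cell still imports `IPython.html.widgets` (the import itself is an unchanged context line in the next hunk), and the saved output now also bakes the local install path `C:\winpython\python-3.4.4.amd64\...` into the committed notebook. Switching to `from ipywidgets import interact, interactive, fixed` removes the warning, and clearing outputs before committing keeps machine-specific paths out of the repository. The `attack_heuristics()`, `displaythis()` and `set_rules()` cells deleted here reappear at the end of the notebook later in this diff, so this reads as a reorder rather than a removal; the enclosing `cells` list continues outside the hunk.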
@@ -109,13 +36,13 @@ "from IPython.html.widgets import interact, interactive, fixed\n", "from IPython.display import display\n", "\n", - "spath = 'c:\\\\winpython\\\\notebooks\\\\vast\\\\user\\\\vast\\\\'\n", + "spath = 'c:\\\\winpython\\\\notebooks\\\\oni-demo-win\\\\user\\\\vast\\\\'\n", "sconnect = spath + 'lda_scores.csv'\n", "sconnectbu = spath + 'lda_scores_bu.csv'\n", "tmpconnect = sconnect+'.tmp'\n", "stemp = sconnect + '.new'\n", "coff = 150;\n", - "contxtpath = '\\\\vast\\\\iploc\\\\'\n", + "contxtpath = '\\\\oni-demo-win\\\\iploc\\\\'\n", "nwloc = contxtpath + 'networkcontext.txt'\n", "iploc = contxtpath + 'iploc.csv'\n", "\n", @@ -132,22 +59,11 @@ }, { "cell_type": "code", - "execution_count": 55, + "execution_count": 4, "metadata": { "collapsed": false }, - "outputs": [ - { - "data": { - "text/plain": [ - "'c:\\\\winpython\\\\notebooks\\\\vast\\\\user\\\\vast\\\\lda_scores.csv'" - ] - }, - "execution_count": 55, - "metadata": {}, - "output_type": "execute_result" - } - ], + "outputs": [], "source": [ "#shutil.copyfile(sconnectbu,sconnect)\n", "#!cp $sconnectbu $sconnect" @@ -155,7 +71,7 @@ }, { "cell_type": "code", - "execution_count": 3, + "execution_count": 5, "metadata": { "collapsed": false }, 
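Review bot: The retargeted `spath` and `contxtpath` are still absolute, machine-specific Windows paths, and `contxtpath = '\\oni-demo-win\\iploc\\'` is drive-root-relative, so it resolves against whatever drive is current when the kernel starts rather than the `c:` drive that `spath` names. The same `oni-demo-win` prefix is hardcoded again in `index_sconnects.html` in this diff, so a rename like this one has to be applied in three places; reading one base directory from the environment (for example `base = os.environ.get('ONI_HOME', r'c:\winpython\notebooks\oni-demo-win')` and building `spath`/`contxtpath` with `os.path.join`) would centralise it, assuming `os` is imported in the part of the cell above this hunk. The stray `;` on `coff = 150;` should go, and the constant deserves a comment saying what the cutoff of 150 applies to. This hunk begins inside the configuration cell, so the imports that precede it are not visible here.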
@@ -421,34 +337,191 @@ }, { "cell_type": "code", - "execution_count": 4, + "execution_count": 6, + "metadata": { + "collapsed": false + }, + "outputs": [], + "source": [ + "#shutil.copy(sconnectbu,sconnect)" + ] + }, + { + "cell_type": "code", + "execution_count": 7, "metadata": { "collapsed": false }, "outputs": [ { - "data": { - "text/plain": [ - "'c:\\\\winpython\\\\notebooks\\\\vast\\\\user\\\\vast\\\\lda_scores.csv'" - ] - }, - "execution_count": 4, - "metadata": {}, - "output_type": "execute_result" + "name": "stdout", + "output_type": "stream", + "text": [ + "172.30.0.70 connects: 24\n", + "10.138.235.111 connects: 24\n", + "10.13.77.49 connects: 25\n" + ] } ], "source": [ - "shutil.copy(sconnectbu,sconnect)" + "attack_heuristics()" ] }, { "cell_type": "code", - "execution_count": null, + "execution_count": 8, "metadata": { "collapsed": true }, "outputs": [], - "source": [] + "source": [ + "displaythis()\n", + "#geoip()" + ] + }, + { + "cell_type": "code", + "execution_count": 9, + "metadata": { + "collapsed": false + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "[2, '0.000000149', '9/14/2015 17:16', '10.13.77.49', '172.10.0.40', '47131', '80', '0', '0', '206', '162', '3', '3', '0', '1', 'CountryD;CityA', 'Texas;Richardson Laurie Hatfield DBA', 'countryd.citya.com', 'sbcglobal.net', '0', '', 'Medium', '']\n", + "[2, '0.000000149', '9/14/2015 14:56', '10.13.77.49', '172.10.0.3', '35579', '25', '0', '0', '112', '58', '2', '1', '0', '1', 'CountryD;CityA', 'California;San Diego Gregory Hout Attorney at Law', 'countryd.citya.com', 'sbcglobal.net', '0', '', 'Medium', '']\n", + "[2, '0.00000015', '9/14/2015 15:10', '10.70.68.127', '172.30.0.4', '6395', '80', '0', '0', '278', '116', '5', '2', '0', '1', 'CountryN;CityA', '-;- Private IP Address LAN', 'countryn.citya.com', '-', '22', '', 'Low', '']\n", + "[2, '0.00000015', '9/14/2015 15:09', '10.70.68.127', '172.30.0.4', '55759', '80', '19', '1006', '297', '1114', '5', '2', '0', 
'1', 'CountryN;CityA', '-;- Private IP Address LAN', 'countryn.citya.com', '-', '22', '', 'Low', '']\n", + "[2, '0.000000151', '9/10/2015 17:16', '10.13.77.49', '172.10.0.40', '61783', '80', '0', '0', '148', '108', '2', '2', '0', '1', 'CountryD;CityA', 'Texas;Richardson Laurie Hatfield DBA', 'countryd.citya.com', 'sbcglobal.net', '0', '', 'Medium', '']\n", + "[2, '0.000000151', '9/14/2015 15:16', '10.13.77.49', '172.10.0.2', '0', '0', '0', '0', '354', '354', '2', '2', '0', '1', 'CountryD;CityA', 'California;San Diego Gregory Hout Attorney at Law', 'countryd.citya.com', 'sbcglobal.net', '0', '', 'Medium', '']\n", + "[2, '0.000000151', '9/14/2015 15:16', '10.13.77.49', '172.20.0.3', '46032', '25', '0', '0', '496', '280', '8', '4', '0', '1', 'CountryD;CityA', '-;- Private IP Address LAN', 'countryd.citya.com', '-', '0', '', 'Medium', '']\n", + "[2, '0.000000172', '9/11/2015 12:57', '10.200.20.2', '172.30.0.4', '3247', '80', '0', '0', '286', '62', '5', '1', '0', '1', 'CountryI;CityA', '-;- Private IP Address LAN', 'countryI.citya.com', '-', '22', '', 'High', '']\n", + "[2, '0.000000175', '9/14/2015 16:21', '10.138.235.111', '172.10.0.40', '61471', '80', '0', '0', '148', '108', '2', '2', '0', '1', 'CountryE;CityB', 'Texas;Richardson Laurie Hatfield DBA', 'countrye.cityb.com', 'sbcglobal.net', '27', '', 'Low', '']\n", + "[2, '0.000000175', '9/15/2015 7:51', '10.138.235.111', '172.30.0.3', '57672', '25', '0', '94', '224', '318', '4', '4', '0', '1', 'CountryE;CityB', '-;- Private IP Address LAN', 'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000175', '9/11/2015 12:19', '10.138.235.111', '172.30.0.4', '10906', '80', '19', '1006', '243', '1114', '4', '2', '0', '1', 'CountryE;CityB', '-;- Private IP Address LAN', 'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000175', '9/14/2015 17:53', '10.138.235.111', '172.30.0.3', '57363', '25', '0', '94', '286', '318', '5', '4', '0', '1', 'CountryE;CityB', '-;- Private IP Address LAN', 
'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000175', '9/15/2015 7:51', '10.138.235.111', '172.30.0.3', '60586', '25', '0', '0', '240', '132', '4', '2', '0', '1', 'CountryE;CityB', '-;- Private IP Address LAN', 'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000175', '9/15/2015 7:51', '10.138.235.111', '172.30.0.3', '57673', '80', '18', '1412', '296', '1636', '5', '4', '0', '1', 'CountryE;CityB', '-;- Private IP Address LAN', 'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000179', '9/10/2015 7:44', '10.78.100.150', '172.20.0.4', '12182', '80', '189', '1401', '413', '1571', '4', '3', '0', '1', 'CountryN;CityU', '-;- Private IP Address LAN', 'countryn.cityu.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000188', '9/14/2015 14:47', '10.13.77.49', '172.30.0.4', '7493', '80', '0', '503', '278', '619', '5', '2', '0', '1', 'CountryD;CityA', '-;- Private IP Address LAN', 'countryd.citya.com', '-', '0', '', 'Medium', '']\n", + "[2, '0.000000218', '9/15/2015 7:51', '10.138.235.111', '172.30.0.3', '57682', '25', '24', '462', '356', '848', '6', '7', '0', '1', 'CountryE;CityB', '-;- Private IP Address LAN', 'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '2.23E-07', '9/18/2015 22:57', '123.151.42.61', '192.56.55.89', '12200', '81', '0', '0', '1', '90', '0', '0', '0', '1', 'Tianjin;Tianjin ChinaNet Tianjin Province Network', 'California;Folsom Intel Corporation', 'chinatelecom.com.cn', 'intel.com', '52', '', 'Extreme', '']\n", + "[2, '2.24E-07', '9/18/2015 18:58', '123.151.42.61', '192.32.54.78', '12200', '81', '0', '0', '1', '90', '0', '0', '0', '1', 'Tianjin;Tianjin ChinaNet Tianjin Province Network', 'California;Folsom Intel Corporation', 'chinatelecom.com.cn', 'intel.com', '52', '', 'Extreme', '']\n", + "[2, '2.26E-07', '9/18/2015 19:01', '123.151.42.61', '134.123.139.04', '12207', '808', '0', '0', '1', '90', '0', '0', '0', '1', 'Tianjin;Tianjin ChinaNet Tianjin Province Network', 'Oregon;Hillsboro Intel 
Corporation', 'chinatelecom.com.cn', 'intel.com', '52', '', 'Extreme', '']\n", + "[2, '2.27E-07', '9/18/2015 18:39', '123.151.42.61', '134.223.137.23', '12207', '808', '0', '0', '1', '90', '0', '0', '0', '1', 'Tianjin;Tianjin ChinaNet Tianjin Province Network', 'Oregon;Hillsboro Intel Corporation', 'chinatelecom.com.cn', 'intel.com', '52', '', 'Extreme', '']\n", + "[2, '2.30E-07', '9/18/2015 22:28', '123.151.42.61', '192.255.60.134', '12204', '808', '0', '0', '1', '90', '0', '0', '0', '1', 'Tianjin;Tianjin ChinaNet Tianjin Province Network', 'California;Folsom Intel Corporation', 'chinatelecom.com.cn', 'intel.com', '52', '', 'Extreme', '']\n", + "[2, '0.000000238', '9/14/2015 14:54', '10.138.235.111', '172.30.0.4', '20843', '80', '0', '503', '224', '673', '4', '3', '0', '1', 'CountryE;CityB', '-;- Private IP Address LAN', 'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000244', '9/14/2015 14:39', '10.13.77.49', '172.10.0.4', '42391', '80', '19', '1006', '289', '1114', '5', '2', '0', '1', 'CountryD;CityA', 'California;San Diego Gregory Hout Attorney at Law', 'countryd.citya.com', 'sbcglobal.net', '0', '', 'Medium', '']\n", + "[2, '0.000000276', '9/14/2015 14:54', '10.138.235.111', '172.30.0.4', '17339', '80', '19', '1006', '297', '1114', '5', '2', '0', '1', 'CountryE;CityB', '-;- Private IP Address LAN', 'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000287', '9/11/2015 12:23', '10.10.11.102', '172.20.0.4', '21630', '80', '19', '1006', '297', '1114', '5', '2', '0', '1', 'CountryB;CityA', '-;- Private IP Address LAN', 'countryb.citya.com', '-', '35', '', 'Low', '']\n", + "[2, '0.000000287', '9/11/2015 12:23', '10.10.11.102', '172.20.0.4', '21632', '80', '19', '1006', '297', '1114', '5', '2', '0', '1', 'CountryC;CityA', '-;- Private IP Address LAN', 'countryc.citya.com', '-', '35', '', 'Low', '']\n", + "[2, '0.000000339', '9/13/2015 10:24', '10.17.15.10', '172.10.0.3', '26352', '25', '24', '459', '356', '845', '6', '7', '0', '1', 
'CountryG;CityA', 'California;San Diego Gregory Hout Attorney at Law', 'countryg.citya.com', 'sbcglobal.net', '35', '', 'Medium', '']\n", + "[2, '0.000000339', '9/13/2015 10:24', '10.17.15.10', '172.10.0.3', '40710', '25', '0', '0', '240', '132', '4', '2', '0', '1', 'CountryG;CityA', 'California;San Diego Gregory Hout Attorney at Law', 'countryg.citya.com', 'sbcglobal.net', '35', '', 'Medium', '']\n", + "[2, '0.000000339', '9/13/2015 10:23', '10.17.15.10', '172.10.0.3', '26337', '25', '0', '94', '224', '318', '4', '4', '0', '1', 'CountryG;CityA', 'California;San Diego Gregory Hout Attorney at Law', 'countryg.citya.com', 'sbcglobal.net', '35', '', 'Medium', '']\n", + "[2, '0.000000339', '9/13/2015 10:34', '10.17.15.10', '172.10.0.40', '40814', '80', '0', '0', '148', '108', '2', '2', '0', '1', 'CountryG;CityA', 'Texas;Richardson Laurie Hatfield DBA', 'countryg.citya.com', 'sbcglobal.net', '35', '', 'Medium', '']\n", + "[2, '0.000000339', '9/13/2015 10:23', '10.17.15.10', '172.10.0.3', '26338', '80', '18', '1412', '296', '1582', '5', '3', '0', '1', 'CountryG;CityA', 'California;San Diego Gregory Hout Attorney at Law', 'countryg.citya.com', 'sbcglobal.net', '35', '', 'Medium', '']\n", + "[2, '0.000000349', '9/12/2015 5:44', '10.12.15.152', '172.10.0.3', '38915', '25', '24', '460', '356', '846', '6', '7', '0', '1', 'CountryC;CityB', 'California;San Diego Gregory Hout Attorney at Law', 'countryc.cityb.com', 'sbcglobal.net', '140', '', 'High', '']\n", + "[2, '0.000000349', '9/13/2015 22:31', '10.12.15.152', '172.10.0.3', '39110', '25', '24', '460', '356', '846', '6', '7', '0', '1', 'CountryC;CityB', 'California;San Diego Gregory Hout Attorney at Law', 'countryc.cityb.com', 'sbcglobal.net', '140', '', 'High', '']\n", + "[2, '0.000000349', '9/12/2015 5:44', '10.12.15.152', '172.10.0.3', '38901', '80', '18', '1412', '296', '1690', '5', '5', '0', '1', 'CountryC;CityB', 'California;San Diego Gregory Hout Attorney at Law', 'countryc.cityb.com', 'sbcglobal.net', '140', '', 
'High', '']\n", + "[2, '0.000000349', '9/13/2015 22:30', '10.12.15.152', '172.10.0.3', '39095', '25', '0', '94', '224', '318', '4', '4', '0', '1', 'CountryC;CityB', 'California;San Diego Gregory Hout Attorney at Law', 'countryc.cityb.com', 'sbcglobal.net', '140', '', 'High', '']\n", + "[2, '0.000000349', '9/13/2015 5:44', '10.12.15.152', '172.10.0.3', '49327', '25', '0', '0', '112', '116', '2', '2', '0', '1', 'CountryC;CityB', 'California;San Diego Gregory Hout Attorney at Law', 'countryc.cityb.com', 'sbcglobal.net', '140', '', 'High', '']\n", + "[2, '0.000000349', '9/12/2015 5:56', '10.12.15.152', '172.10.0.40', '37818', '80', '0', '0', '148', '108', '2', '2', '0', '1', 'CountryC;CityB', 'Texas;Richardson Laurie Hatfield DBA', 'countryc.cityb.com', 'sbcglobal.net', '140', '', 'High', '']\n", + "[2, '0.000000349', '9/11/2015 10:35', '10.12.15.152', '172.10.0.3', '37551', '25', '0', '0', '112', '116', '2', '2', '0', '1', 'CountryC;CityB', 'California;San Diego Gregory Hout Attorney at Law', 'countryc.cityb.com', 'sbcglobal.net', '140', '', 'High', '']\n", + "[2, '0.000000349', '9/11/2015 11:09', '10.12.15.152', '172.20.0.3', '58150', '25', '0', '0', '112', '116', '2', '2', '0', '1', 'CountryC;CityB', '-;- Private IP Address LAN', 'countryc.cityb.com', '-', '140', '', 'High', '']\n", + "[2, '0.000000349', '9/13/2015 22:31', '10.12.15.152', '172.10.0.3', '49466', '25', '0', '0', '240', '132', '4', '2', '0', '1', 'CountryC;CityB', 'California;San Diego Gregory Hout Attorney at Law', 'countryc.cityb.com', 'sbcglobal.net', '140', '', 'High', '']\n", + "[2, '0.000000349', '9/12/2015 5:44', '10.12.15.152', '172.10.0.3', '37621', '25', '0', '0', '240', '132', '4', '2', '0', '1', 'CountryC;CityB', 'California;San Diego Gregory Hout Attorney at Law', 'countryc.cityb.com', 'sbcglobal.net', '140', '', 'High', '']\n", + "[2, '0.000000349', '9/12/2015 5:44', '10.12.15.152', '172.10.0.3', '38900', '25', '0', '94', '224', '318', '4', '4', '0', '1', 'CountryC;CityB', 'California;San 
Diego Gregory Hout Attorney at Law', 'countryc.cityb.com', 'sbcglobal.net', '140', '', 'High', '']\n", + "[2, '0.000000349', '9/13/2015 22:43', '10.12.15.152', '172.10.0.40', '49583', '80', '0', '0', '148', '108', '2', '2', '0', '1', 'CountryC;CityB', 'Texas;Richardson Laurie Hatfield DBA', 'countryc.cityb.com', 'sbcglobal.net', '140', '', 'High', '']\n", + "[2, '0.000000349', '9/13/2015 22:31', '10.12.15.152', '172.10.0.2', '0', '0', '0', '0', '354', '354', '2', '2', '0', '1', 'CountryC;CityB', 'California;San Diego Gregory Hout Attorney at Law', 'countryc.cityb.com', 'sbcglobal.net', '140', '', 'High', '']\n", + "[2, '0.000000349', '9/13/2015 22:31', '10.12.15.152', '172.10.0.3', '39096', '80', '18', '1412', '296', '1636', '5', '4', '0', '1', 'CountryC;CityB', 'California;San Diego Gregory Hout Attorney at Law', 'countryc.cityb.com', 'sbcglobal.net', '140', '', 'High', '']\n", + "[2, '0.000000352', '9/11/2015 21:18', '10.6.6.7', '172.20.0.2', '0', '0', '0', '0', '354', '354', '2', '2', '0', '1', 'CountryM;CityA', '-;- Private IP Address LAN', 'countrym.citya.com', '-', '35', '', 'Medium', '']\n", + "[2, '0.000000352', '9/11/2015 21:18', '10.6.6.7', '172.20.0.3', '36931', '25', '0', '94', '224', '318', '4', '4', '0', '1', 'CountryM;CityA', '-;- Private IP Address LAN', 'countrym.citya.com', '-', '35', '', 'Medium', '']\n", + "[2, '0.000000352', '9/11/2015 21:18', '10.6.6.7', '172.20.0.3', '52254', '25', '0', '0', '240', '132', '4', '2', '0', '1', 'CountryM;CityA', '-;- Private IP Address LAN', 'countrym.citya.com', '-', '35', '', 'Medium', '']\n", + "[2, '0.000000352', '9/11/2015 21:18', '10.6.6.7', '172.20.0.3', '36932', '80', '18', '1412', '296', '1636', '5', '4', '0', '1', 'CountryM;CityA', '-;- Private IP Address LAN', 'countrym.citya.com', '-', '35', '', 'Medium', '']\n", + "[2, '0.000000352', '9/11/2015 21:19', '10.6.6.7', '172.20.0.3', '36959', '25', '24', '456', '356', '842', '6', '7', '0', '1', 'CountryM;CityA', '-;- Private IP Address LAN', 
'countrym.citya.com', '-', '35', '', 'Medium', '']\n", + "[2, '0.000000364', '9/14/2015 14:31', '10.38.217.48', '172.10.0.4', '5552', '80', '19', '503', '289', '611', '5', '2', '0', '1', 'CountryK:CityA', 'California;San Diego Gregory Hout Attorney at Law', 'countryk.citya.com', 'sbcglobal.net', '22', '', 'Low', '']\n", + "[2, '0.000000366', '9/11/2015 12:01', '10.78.100.150', '172.10.0.4', '29933', '80', '19', '503', '289', '611', '5', '2', '0', '1', 'CountryN;CityU', 'California;San Diego Gregory Hout Attorney at Law', 'countryn.cityu.com', 'sbcglobal.net', '27', '', 'Low', '']\n", + "[2, '0.000000377', '9/14/2015 15:02', '10.78.100.150', '172.10.0.4', '42726', '80', '19', '1006', '181', '1114', '3', '2', '0', '1', 'CountryN;CityU', 'California;San Diego Gregory Hout Attorney at Law', 'countryn.cityu.com', 'sbcglobal.net', '27', '', 'Low', '']\n", + "[2, '0.000000378', '9/11/2015 12:08', '10.247.106.27', '172.20.0.4', '17675', '80', '0', '0', '224', '178', '4', '3', '0', '1', 'CountryJ;CityA', '-;- Private IP Address LAN', 'countryj.citya.com', '-', '140', '', 'High', '']\n", + "[2, '0.0000004', '9/11/2015 12:29', '10.200.20.2', '172.30.0.4', '1192', '80', '0', '503', '278', '619', '5', '2', '0', '1', 'CountryI;CityA', '-;- Private IP Address LAN', 'countryI.citya.com', '-', '22', '', 'High', '']\n", + "[2, '0.0000004', '9/11/2015 12:29', '10.200.20.2', '172.30.0.4', '1193', '80', '0', '503', '278', '619', '5', '2', '0', '1', 'CountryI;CityA', '-;- Private IP Address LAN', 'countryI.citya.com', '-', '22', '', 'High', '']\n", + "[2, '0.000000408', '9/11/2015 12:44', '10.138.214.18', '172.20.0.15', '48367', '80', '19', '1006', '289', '1114', '5', '2', '0', '1', 'CountryE;CityA', '-;- Private IP Address LAN', 'countrye.citya.com', '-', '22', '', 'Low', '']\n", + "[2, '0.000000416', '9/11/2015 11:59', '10.12.14.15', '172.10.0.4', '55796', '80', '19', '1006', '351', '1114', '6', '2', '0', '1', 'CountryC;CityA', 'California;San Diego Gregory Hout Attorney at Law', 
'countryc.citya.com', 'sbcglobal.net', '35', '', 'Low', '']\n", + "[2, '0.000000437', '9/11/2015 12:23', '10.170.32.181', '172.20.0.4', '38610', '80', '19', '1006', '289', '1114', '5', '2', '0', '1', 'CountryH;CityA', '-;- Private IP Address LAN', 'countryh.citya.com', '-', '22', '', 'High', '']\n", + "[2, '0.000000437', '9/11/2015 12:23', '10.170.32.181', '172.20.0.4', '38609', '80', '19', '1006', '289', '1114', '5', '2', '0', '1', 'CountryH;CityA', '-;- Private IP Address LAN', 'countryh.citya.com', '-', '22', '', 'High', '']\n", + "[2, '0.000000444', '9/14/2015 14:39', '10.13.77.49', '172.10.0.4', '42390', '80', '19', '1006', '289', '1114', '5', '2', '0', '1', 'CountryD;CityA', 'California;San Diego Gregory Hout Attorney at Law', 'countryd.citya.com', 'sbcglobal.net', '0', '', 'Medium', '']\n", + "[2, '0.000000444', '9/14/2015 14:39', '10.13.77.49', '172.10.0.4', '42392', '80', '19', '1006', '289', '1114', '5', '2', '0', '1', 'CountryD;CityA', 'California;San Diego Gregory Hout Attorney at Law', 'countryd.citya.com', 'sbcglobal.net', '0', '', 'Medium', '']\n", + "[2, '0.000000444', '9/14/2015 14:39', '10.13.77.49', '172.10.0.4', '42393', '80', '19', '1006', '289', '1114', '5', '2', '0', '1', 'CountryD;CityA', 'California;San Diego Gregory Hout Attorney at Law', 'countryd.citya.com', 'sbcglobal.net', '0', '', 'Medium', '']\n", + "[2, '0.000000445', '9/14/2015 15:10', '10.70.68.127', '172.30.0.4', '6396', '80', '0', '0', '278', '178', '5', '3', '0', '1', 'CountryN;CityA', '-;- Private IP Address LAN', 'countryn.citya.com', '-', '22', '', 'Low', '']\n", + "[2, '0.000000462', '9/14/2015 15:12', '10.15.7.85', '172.30.0.4', '55207', '80', '0', '0', '278', '170', '5', '3', '0', '1', 'CountryF;CityA', '-;- Private IP Address LAN', 'countryf.citya.com', '-', '13', '', 'Low', '']\n", + "[2, '0.000000473', '9/11/2015 11:59', '10.38.217.48', '172.10.0.4', '1292', '80', '19', '1006', '289', '1114', '5', '2', '0', '1', 'CountryK:CityA', 'California;San Diego Gregory Hout 
Attorney at Law', 'countryk.citya.com', 'sbcglobal.net', '22', '', 'Low', '']\n", + "[2, '0.000000483', '9/14/2015 15:05', '10.13.77.49', '172.20.0.3', '41139', '25', '0', '0', '112', '116', '2', '2', '0', '1', 'CountryD;CityA', '-;- Private IP Address LAN', 'countryd.citya.com', '-', '0', '', 'Medium', '']\n", + "[2, '0.000000483', '9/14/2015 15:06', '10.13.77.49', '172.20.0.3', '46072', '25', '0', '0', '112', '116', '2', '2', '0', '1', 'CountryD;CityA', '-;- Private IP Address LAN', 'countryd.citya.com', '-', '0', '', 'Medium', '']\n", + "[2, '0.000000483', '9/14/2015 15:04', '10.13.77.49', '172.20.0.3', '41121', '25', '0', '0', '112', '116', '2', '2', '0', '1', 'CountryD;CityA', '-;- Private IP Address LAN', 'countryd.citya.com', '-', '0', '', 'Medium', '']\n", + "[2, '0.000000512', '9/11/2015 12:07', '10.78.100.150', '172.10.0.4', '14532', '80', '0', '0', '224', '178', '4', '3', '0', '1', 'CountryN;CityU', 'California;San Diego Gregory Hout Attorney at Law', 'countryn.cityu.com', 'sbcglobal.net', '27', '', 'Low', '']\n", + "[2, '0.000000517', '9/12/2015 15:33', '10.12.14.15', '172.20.0.3', '5067', '80', '18', '1412', '296', '1636', '5', '4', '0', '1', 'CountryC;CityA', '-;- Private IP Address LAN', 'countryc.citya.com', '-', '35', '', 'Low', '']\n", + "[2, '0.000000518', '9/15/2015 7:51', '10.138.235.111', '172.30.0.7', '57680', '80', '18', '297', '296', '467', '5', '3', '0', '1', 'CountryE;CityB', '-;- Private IP Address LAN', 'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000518', '9/15/2015 7:51', '10.138.235.111', '172.30.0.6', '57678', '80', '18', '297', '296', '467', '5', '3', '0', '1', 'CountryE;CityB', '-;- Private IP Address LAN', 'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000518', '9/15/2015 7:51', '10.138.235.111', '172.30.0.5', '57676', '80', '18', '297', '296', '467', '5', '3', '0', '1', 'CountryE;CityB', '-;- Private IP Address LAN', 'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000532', 
'9/14/2015 14:29', '10.247.106.27', '172.20.0.4', '26341', '80', '19', '0', '467', '124', '8', '2', '0', '1', 'CountryJ;CityA', '-;- Private IP Address LAN', 'countryj.citya.com', '-', '140', '', 'High', '']\n", + "[2, '0.000000552', '9/11/2015 12:01', '10.78.100.150', '172.10.0.4', '29827', '80', '19', '0', '243', '170', '4', '3', '0', '1', 'CountryN;CityU', 'California;San Diego Gregory Hout Attorney at Law', 'countryn.cityu.com', 'sbcglobal.net', '27', '', 'Low', '']\n", + "[2, '0.000000552', '9/11/2015 12:01', '10.78.100.150', '172.10.0.4', '29828', '80', '19', '0', '243', '170', '4', '3', '0', '1', 'CountryN;CityU', 'California;San Diego Gregory Hout Attorney at Law', 'countryn.cityu.com', 'sbcglobal.net', '27', '', 'Low', '']\n", + "[2, '0.000000552', '9/11/2015 12:01', '10.78.100.150', '172.10.0.4', '29829', '80', '19', '0', '243', '170', '4', '3', '0', '1', 'CountryN;CityU', 'California;San Diego Gregory Hout Attorney at Law', 'countryn.cityu.com', 'sbcglobal.net', '27', '', 'Low', '']\n", + "[2, '0.000000558', '9/14/2015 15:02', '10.138.214.18', '172.20.0.15', '46389', '80', '19', '1006', '289', '1114', '5', '2', '0', '1', 'CountryE;CityA', '-;- Private IP Address LAN', 'countrye.citya.com', '-', '22', '', 'Low', '']\n", + "[2, '0.000000569', '9/11/2015 11:58', '10.57.81.245', '172.30.0.4', '16791', '80', '194', '6094', '418', '6426', '4', '6', '0', '1', 'CountryL;CityZ', '-;- Private IP Address LAN', 'countryl.cityz.com', '-', '22', '', 'Low', '']\n", + "[2, '0.000000575', '9/11/2015 12:09', '172.10.2.66', '10.0.0.6', '26028', '80', '175', '432', '337', '594', '3', '3', '1', '0', 'Texas;Richardson Purolator International', 'CountryA;CityA2', 'sbcglobal.net', 'countrya.citya2.com', '', '22', '', 'Low']\n", + "[2, '0.000000576', '9/14/2015 13:27', '172.10.2.106', '10.0.0.6', '11937', '80', '175', '432', '345', '656', '3', '4', '1', '0', 'Texas;Richardson Sunline Energy Inc', 'CountryA;CityA2', 'sbcglobal.net', 'countrya.citya2.com', '', '22', '', 'Low']\n", 
+ "[2, '0.000000576', '9/13/2015 7:11', '172.20.1.81', '10.0.3.77', '3275', '22', '0', '0', '186', '108', '3', '2', '1', '0', '-;- Private IP Address LAN', 'CountryA;CityB', '-', 'countrya.cityb.com', '', '22', '', 'Low']\n", + "[2, '0.000000577', '9/14/2015 1:41', '172.30.1.218', '10.0.3.77', '18325', '22', '0', '0', '186', '108', '3', '2', '1', '0', '-;- Private IP Address LAN', 'CountryA;CityB', '-', 'countrya.cityb.com', '', '22', '', 'Low']\n", + "[2, '0.000000577', '9/14/2015 14:47', '172.30.1.218', '10.0.0.7', '26194', '80', '175', '0', '399', '116', '4', '2', '1', '0', '-;- Private IP Address LAN', 'CountryA;CityA7', '-', 'countrya.citya7.com', '', '22', '', 'Low']\n", + "[2, '0.000000595', '9/11/2015 12:08', '10.170.32.181', '172.20.0.4', '49169', '80', '0', '0', '224', '178', '4', '3', '0', '1', 'CountryH;CityA', '-;- Private IP Address LAN', 'countryh.citya.com', '-', '22', '', 'High', '']\n", + "[2, '0.000000595', '9/11/2015 12:08', '10.170.32.181', '172.20.0.4', '49145', '80', '0', '0', '224', '178', '4', '3', '0', '1', 'CountryH;CityA', '-;- Private IP Address LAN', 'countryh.citya.com', '-', '22', '', 'High', '']\n", + "[2, '0.000000595', '9/11/2015 12:08', '10.170.32.181', '172.20.0.4', '49168', '80', '0', '0', '224', '178', '4', '3', '0', '1', 'CountryH;CityA', '-;- Private IP Address LAN', 'countryh.citya.com', '-', '22', '', 'High', '']\n", + "[2, '0.000000597', '9/12/2015 15:33', '10.12.14.15', '172.20.0.3', '5066', '25', '0', '94', '224', '318', '4', '4', '0', '1', 'CountryC;CityA', '-;- Private IP Address LAN', 'countryc.citya.com', '-', '35', '', 'Low', '']\n", + "[2, '0.000000597', '9/12/2015 15:34', '10.12.14.15', '172.20.0.3', '51636', '25', '0', '0', '240', '132', '4', '2', '0', '1', 'CountryC;CityA', '-;- Private IP Address LAN', 'countryc.citya.com', '-', '35', '', 'Low', '']\n", + "[2, '0.000000599', '9/12/2015 15:34', '10.12.14.15', '172.20.0.3', '5094', '25', '24', '459', '356', '845', '6', '7', '0', '1', 'CountryC;CityA', '-;- 
Private IP Address LAN', 'countryc.citya.com', '-', '35', '', 'Low', '']\n", + "[2, '0.000000602', '9/11/2015 12:18', '10.57.84.113', '172.30.0.4', '21123', '80', '198', '0', '368', '62', '3', '1', '0', '1', 'CountryL;CityF', '-;- Private IP Address LAN', 'countryl.cityf.com', '-', '10', '', 'Low', '']\n", + "[2, '0.000000629', '9/14/2015 14:35', '10.17.15.10', '172.20.0.15', '2402', '80', '19', '0', '297', '116', '5', '2', '0', '1', 'CountryG;CityA', '-;- Private IP Address LAN', 'countryg.citya.com', '-', '35', '', 'Medium', '']\n", + "[2, '0.000000632', '9/11/2015 12:16', '172.10.0.40', '10.7.5.5', '2811', '21', '0', '0', '124', '108', '2', '2', '1', '0', 'Texas;Richardson Laurie Hatfield DBA', 'CountryN;CityA', 'sbcglobal.net', 'countryn.citya.com', '', '22', '', 'Low']\n", + "[2, '0.000000632', '9/11/2015 12:15', '172.10.0.40', '10.199.250.2', '2777', '21', '199', '578', '1449', '1720', '23', '21', '1', '0', 'Texas;Richardson Laurie Hatfield DBA', 'CountryH;CityZ', 'sbcglobal.net', 'countryh.cityz.com', '', '140', '', 'High']\n", + "[2, '0.000000653', '9/14/2015 6:55', '172.10.0.3', '10.3.1.25', '33941', '25', '0', '0', '194', '0', '3', '0', '1', '0', 'California;San Diego Gregory Hout Attorney at Law', 'CountryK:CityA', 'sbcglobal.net', 'countryk.citya.com', '', '22', '', 'Low']\n", + "[2, '0.000000679', '9/11/2015 11:58', '10.12.14.15', '172.10.0.4', '45147', '80', '19', '1006', '235', '1114', '4', '2', '0', '1', 'CountryC;CityA', 'California;San Diego Gregory Hout Attorney at Law', 'countryc.citya.com', 'sbcglobal.net', '35', '', 'Low', '']\n", + "[2, '0.000000679', '9/11/2015 11:58', '10.12.14.15', '172.10.0.4', '45148', '80', '19', '1006', '235', '1114', '4', '2', '0', '1', 'CountryC;CityA', 'California;San Diego Gregory Hout Attorney at Law', 'countryc.citya.com', 'sbcglobal.net', '35', '', 'Low', '']\n", + "[2, '0.000000692', '9/15/2015 7:51', '10.138.235.111', '172.30.0.7', '60586', '80', '0', '0', '240', '132', '4', '2', '0', '1', 'CountryE;CityB', 
'-;- Private IP Address LAN', 'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000692', '9/15/2015 7:51', '10.138.235.111', '172.30.0.6', '60586', '80', '0', '0', '240', '132', '4', '2', '0', '1', 'CountryE;CityB', '-;- Private IP Address LAN', 'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000692', '9/15/2015 7:51', '10.138.235.111', '172.30.0.5', '60586', '80', '0', '0', '240', '132', '4', '2', '0', '1', 'CountryE;CityB', '-;- Private IP Address LAN', 'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000692', '9/15/2015 7:51', '10.138.235.111', '172.30.0.4', '60586', '80', '0', '0', '240', '132', '4', '2', '0', '1', 'CountryE;CityB', '-;- Private IP Address LAN', 'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000702', '9/14/2015 0:46', '10.40.164.25', '172.30.0.6', '26246', '80', '170', '297', '394', '467', '4', '3', '0', '1', 'CountryL;CityA', '-;- Private IP Address LAN', 'countryl.citya.com', '-', '22', '', 'Low', '']\n", + "[2, '0.000000707', '9/15/2015 7:22', '10.62.15.101', '172.20.0.3', '6830', '25', '0', '0', '62', '240', '1', '4', '0', '1', 'CountryM;CityW', '-;- Private IP Address LAN', 'countrym.cityw.com', '-', '22', '', 'Low', '']\n", + "[2, '0.000000715', '9/14/2015 1:39', '10.83.101.25', '172.20.0.6', '42456', '80', '170', '340', '394', '510', '4', '3', '0', '1', 'CountryO;CityA', '-;- Private IP Address LAN', 'countryo.citya.com', '-', '22', '', 'Low', '']\n", + "[2, '0.000000724', '9/11/2015 12:02', '10.12.14.15', '172.10.0.4', '11814', '80', '0', '0', '286', '116', '5', '2', '0', '1', 'CountryC;CityA', 'California;San Diego Gregory Hout Attorney at Law', 'countryc.citya.com', 'sbcglobal.net', '35', '', 'Low', '']\n", + "[2, '0.000000732', '9/14/2015 15:01', '10.0.0.42', '172.30.0.4', '50597', '80', '19', '1006', '181', '1114', '3', '2', '0', '1', 'CountryA;CityA', '-;- Private IP Address LAN', 'countrya.citya.com', '-', '51', '', 'Medium', '']\n", + "[2, '0.000000733', '9/13/2015 
23:22', '10.0.3.77', '172.20.0.3', '20157', '25', '0', '94', '170', '210', '3', '2', '0', '1', 'CountryA;CityB', '-;- Private IP Address LAN', 'countrya.cityb.com', '-', '35', '', 'Low', '']\n", + "[2, '0.000000764', '9/14/2015 15:01', '10.138.235.111', '172.30.0.4', '13464', '80', '19', '1006', '181', '1114', '3', '2', '0', '1', 'CountryE;CityB', '-;- Private IP Address LAN', 'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000764', '9/14/2015 15:01', '10.138.235.111', '172.30.0.4', '13465', '80', '19', '1006', '181', '1114', '3', '2', '0', '1', 'CountryE;CityB', '-;- Private IP Address LAN', 'countrye.cityb.com', '-', '27', '', 'Low', '']\n", + "[2, '0.000000772', '9/15/2015 8:45', '172.10.0.50', '172.255.255.255', '137', '137', '200', '0', '368', '0', '4', '0', '1', '1', 'Texas;Richardson Scott L Brown', 'Arizona;Phoenix Nobis Technology Group LLC', 'sbcglobal.net', 'nobistech.net', '', '', '', '']\n", + "[2, '0.000000772', '9/14/2015 9:31', '172.10.0.50', '172.255.255.255', '138', '138', '1535', '0', '1871', '0', '8', '0', '1', '1', 'Texas;Richardson Scott L Brown', 'Arizona;Phoenix Nobis Technology Group LLC', 'sbcglobal.net', 'nobistech.net', '', '', '', '']\n", + "[2, '0.000000772', '9/12/2015 7:05', '172.10.0.50', '172.255.255.255', '137', '137', '200', '0', '368', '0', '4', '0', '1', '1', 'Texas;Richardson Scott L Brown', 'Arizona;Phoenix Nobis Technology Group LLC', 'sbcglobal.net', 'nobistech.net', '', '', '', '']\n", + "[2, '0.000000772', '9/14/2015 9:30', '172.10.0.50', '172.255.255.255', '137', '137', '200', '0', '368', '0', '4', '0', '1', '1', 'Texas;Richardson Scott L Brown', 'Arizona;Phoenix Nobis Technology Group LLC', 'sbcglobal.net', 'nobistech.net', '', '', '', '']\n", + "[2, '0.000000773', '9/14/2015 17:03', '10.13.77.49', '172.10.0.3', '21673', '25', '0', '94', '224', '318', '4', '4', '0', '1', 'CountryD;CityA', 'California;San Diego Gregory Hout Attorney at Law', 'countryd.citya.com', 'sbcglobal.net', '0', '', 'Medium', 
'']\n", + "[2, '0.000000773', '9/10/2015 17:04', '10.13.77.49', '172.10.0.3', '35732', '25', '0', '94', '224', '318', '4', '4', '0', '1', 'CountryD;CityA', 'California;San Diego Gregory Hout Attorney at Law', 'countryd.citya.com', 'sbcglobal.net', '0', '', 'Medium', '']\n", + "[2, '0.000000774', '9/15/2015 8:40', '172.30.1.18', '10.0.0.10', '1932', '80', '0', '433', '224', '657', '4', '4', '1', '0', '-;- Private IP Address LAN', 'CountryA;CityA4', '-', 'countrya.citya4.com', '', '22', '', 'Low']\n", + "[2, '0.000000775', '9/14/2015 6:48', '172.10.1.23', '10.0.0.12', '5572', '80', '0', '433', '170', '657', '3', '4', '1', '0', 'Texas;Richardson Royce Business Services', 'CountryA;CityA1', 'sbcglobal.net', 'countrya.citya1.com', '', '22', '', 'Low']\n", + "[2, '0.000000775', '9/15/2015 9:02', '172.10.2.115', '10.0.0.5', '12899', '80', '151', '432', '321', '602', '3', '3', '1', '0', 'Texas;Richardson Laaco Ltd C O Prop MGT', 'CountryA;CityA3', 'sbcglobal.net', 'countrya.citya3.com', '', '22', '', 'Low']\n", + "[2, '0.000000776', '9/15/2015 8:43', '172.20.2.11', '10.0.0.13', '4556', '80', '0', '433', '170', '595', '3', '3', '1', '0', '-;- Private IP Address LAN', 'CountryA;CityA6', '-', 'countrya.citya6.com', '', '22', '', 'Low']\n", + "[2, '0.000000777', '9/13/2015 23:36', '172.10.1.161', '10.1.0.75', '2263', '80', '176', '433', '400', '549', '4', '2', '1', '0', 'Texas;Richardson 1-800-Taxicab Inc', 'CountryB;CityV', 'sbcglobal.net', 'countryh.cityz.com', '', '22', '', 'Low']\n", + "[2, '0.000000777', '9/13/2015 7:03', '172.20.1.221', '10.0.0.10', '24120', '80', '0', '433', '170', '657', '3', '4', '1', '0', '-;- Private IP Address LAN', 'CountryA;CityA4', '-', 'countrya.citya4.com', '', '22', '', 'Low']\n", + "rows applied 124\n", + "rows applied 1\n", + "rows applied 1\n" + ] + } + ], + "source": [ + "set_rules()" + ] } ], "metadata": { 
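Review bot: The committed `set_rules()` output prints the full scored edge table row by row (124 rows plus two single-row passes), including external addresses and organisation/person attributions pulled from the context lookups; output like this should be cleared before commit, and the cell would be more useful showing a bounded summary (a `.head()` of the scored rows plus the three `rows applied` counts) instead of a `print` per row. The dump also exposes inconsistencies in the context data the rules presumably match on: `'CountryK:CityA'` uses a colon where every other entry uses `;`, `'countryI.citya.com'` is mixed-case where the rest are lower-case, the destination `'134.123.139.04'` carries a leading-zero octet, and the `172.10.1.161 -> 10.1.0.75` row pairs `'CountryB;CityV'` with `countryh.cityz.com`. If `set_rules()` keys on these strings, such rows silently fall outside every rule and the `rows applied` counts give no hint; a guard on the loaded table such as `assert all(';' in r[15] and ';' in r[16] for r in rows), 'malformed context field'` would surface that before scoring. I cannot see `set_rules()` or the lookup files from this hunk, so the delimiter assumption needs confirming against `iploc.csv` and `networkcontext.txt`.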
@@ -467,7 +540,7 @@ "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", - "version": "3.4.3" + "version": "3.4.4" } }, "nbformat": 4, diff --git a/index_sconnects.html b/index_sconnects.html index 4f461cc..5b1109d 100644 --- a/index_sconnects.html +++ b/index_sconnects.html @@ -332,7 +332,7 @@ // Document ready $(function () { - var tiNotebookPath = "/notebooks/vast/user/vast/Threat_Investigation_vast.ipynb"; + var tiNotebookPath = "/notebooks/oni-demo-win/user/vast/Threat_Investigation_vast.ipynb"; $("#detect > a").attr('href', tiNotebookPath); $("#stboard > a").attr('href', "storyboard_sconnect.html?dataDate=" + dataDate); @@ -467,7 +467,7 @@ path = path + dataDate + "/Edge_Investigation_" + dataDate + ".ipynb" } else { - path = "../../notebooks/vast/Edge_Investigation_vast.ipynb" + path = "../../notebooks/oni-demo-win/Edge_Investigation_vast.ipynb" } return path; @@ -549,4 +549,4 @@ - \ No newline at end of file +