20 - Tools for security alert sharing and processing

Václav Bartoš

The poster, with an accompanying lightning talk, presents three closely related projects dealing with security alert sharing and processing: Warden, a system for easy sharing of alerts (results of detection of malicious traffic, e.g. from honeypots, IDS, flow analyzers, etc.); Mentat, a modular SIEM system for processing these alerts and generating email reports to administrators of affected networks; and the Network Entity Reputation Database (NERD), a service providing comprehensive information on IP addresses and other network entities, based on alerts from Warden as well as many other data sources. All these tools are being developed and operated by CESNET, but contributors and users from other networks are very welcome.

