Skip to content

Latest commit

 

History

History
49 lines (49 loc) · 7.3 KB

Log_Records.md

File metadata and controls

49 lines (49 loc) · 7.3 KB
Raw
  • https://github.com/Cyb3rWard0g/mordor
    The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation (JSON) files for easy consumption. The pre-recorded data is categorized by platforms, adversary groups, tactics and techniques defined by the Mitre ATT&CK Framework. The pre-recorded data represents not only specific known malicious events but additional context/events that occur around it. This is done on purpose so that you can test creative correlations across diverse data sources, enhancing your detection strategy and potentially reducing the number of false positives in your own environment.
  • https://github.com/Neo23x0/exotron
    Reference from the repo: "Big sandbox vendors do not provide the information that a blue teamer would like to see in the reports. For me it was always important to see Windows Eventlog events in these reports - especially to create Sigma rules. The sandboxes that I use do not provide this feature. So I decided to add that feature to the samples that I drop in form of a wrapper. Exotron wraps the sample in a set of commands that run before and after the sample exeuction."
  • https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES
    This is a container for windows events samples associated to specific attack and post-exploitation techniques.
  • https://www.stratosphereips.org/datasets-overview
    Has multiple data sets/models created from real malware traffic captures. Inside these datasets are anything from netflow, pcaps, connection summaries, passivedns, or the logs themselves, etc...
  • https://www.secrepo.com
    You can find logs generated for Zeek(Bro), Squid, authd, windows, and others
  • https://www.takakura.com/Kyoto_data/
    Has Zeek(Bro) logs generated from honeypots, "darknet sensors", web crawls, etc...
  • https://github.com/zeek/zeek/tree/master/testing/btest/Baseline
    log examples of Zeek that are used for testing. Can be used as a good baseline for how some of the logs look. It is a bit "difficult" to navigate, but if you click into the folders you will find logs. for example: ntp.log, mqtt connect.log, mqtt_publish.log, mqtt_subscribe.log, radius.log
  • https://summitroute.com/blog/2020/10/09/public_dataset_of_cloudtrail_logs_from_flaws_cloud/
    Public dataset of Cloudtrail logs from flaws.cloud
  • https://github.com/iHeartGraph/PicoDomain The PicoDomain is a compact high-fidelity collection of Zeek logs from a realistic intrusion using relevant Tools, Techniques, and Procedures. It is designed to provide representative traffic of a small Windows domain and be small enough to be used during rapid prototyping.
  • https://github.com/logpai/loghub github collection of logs including Android, Apache, BGL, HDFS, HPC, Hadoop, HealthApp, Linux, Mac, OpenSSH, OpenStack, Proxifier, Spark, Thunderbird, Windows, Zookeeper. This is a github, subset, of the full datasets stored at https://zenodo.org/record/3227177
  • https://zenodo.org/record/3227177 full dataset of https://github.com/logapi/loghub. containing logs of Android, Apache, BGL, HDFS, HPC, Hadoop, HealthApp, Linux, Mac, OpenSSH, OpenStack, Proxifier, Spark, Thunderbird, Windows, Zookeeper.
  • https://github.com/Azure/AzurePublicDataset/blob/master/AzurePublicDatasetV1.md This repository contains a representative subset of the first-party virtual machine workload (VM) of Microsoft Azure in one of its geographical regions. The trace is a sanitized subset of the Azure VM workload described in "Resource Central: Understanding and Predicting Workloads for Improved Resource Management in Large Cloud Platforms" in SOSP’17. We include in this repository a jupyter notebook that directly compares the main characteristics of the two traces, showing that they are qualitatively very similar.
  • https://github.com/Azure/AzurePublicDataset/blob/master/AzurePublicDatasetV2.md This repository contains a representative subset of the first-party virtual machine workload (VM) of Microsoft Azure in one of its geographical regions. The trace is a sanitized subset of the Azure VM workload described in "Resource Central: Understanding and Predicting Workloads for Improved Resource Management in Large Cloud Platforms" in SOSP’17. We include in this repository a jupyter notebook that directly compares the main characteristics of the two traces, showing that they are qualitatively very similar.
  • http://log-sharing.dreamhosters.com/hnet-hon-var-log-02282006.tgz Linux logs /var/log/messages, /var/log/secure , process accounting records /var/log/pacct , other Linux logs, Apache web server logs /var/log/httpd/access_log, /var/log/httpd/error-log, /var/log/httpd/referer-log and /var/log/httpd/audit_log , Sendmail /var/log/mailog, Squid /var/log/squid/access_log, /var/log/squid/store_log, /var/log/squid/cache_log, etc.
  • http://log-sharing.dreamhosters.com/SotM30-anton.log.gz Linux IPTABLES firewall logs
  • http://log-sharing.dreamhosters.com/SotM34-anton.tar.gz correlated Linux /var/log/messages, Apache /var/log/httpd/access_log, /var/log/httpd/error_log, /var/log/httpd/ssl_error, IPTABLES firewall log and Snort NIDS logs /var/log/snortsyslog
  • http://log-sharing.dreamhosters.com/hnet-hon-var-log-08302005.tar.bz2 Linux logs /var/log/messages, /var/log/secure , process accounting records /var/log/pacct , other Linux logs, Apache web server logs /var/log/httpd/access_log, /var/log/httpd/error-log, /var/log/httpd/referer-log and /var/log/httpd/audit_log , Sendmail /var/log/mailog, Squid /var/log/squid/access_log, /var/log/squid/store_log, /var/log/squid/cache_log, etc.
  • http://log-sharing.dreamhosters.com/Bastion.tar /var/log/allow is an ugly mess of a log file produced by setting a syslog daemon to log "*.*" to a single file. The main logging components of interest here are Snort NIDS in inline mode watching a honeynet of Linux systems as well as the iptables firewall for the same. You can ignore the actual Linix syslog, if you'd like, since this is not the victim host log, but the sensor's (unless you are into analyzing the system health of honeypot sensors, that is :-))
  • http://log-sharing.dreamhosters.com/dragon-conv-000_590.tar.bz2 standard Dragon NIDS alert logs, all signatures enabled. Automatic signature update enabled.
  • http://log-sharing.dreamhosters.com/hnet-hon-10122004-var.tar.bz2 Linux logs /var/log/messages, /var/log/secure , process accounting records /var/log/pacct , other Linux logs, Apache web server logs /var/log/httpd/access_log, /var/log/httpd/error-log and , Sendmail /var/log/mailog, Squid /var/log/squid/access_log, /var/log/squid/store_log, /var/log/squid/cache_log, etc. (fun Squid proxy logs during honeynet operation as an open proxy)
  • http://log-sharing.dreamhosters.com/bluecoat_proxy_big.zip Standard web proxy log in W3C format (header, tab separated) from BlueCoat web proxy appliance. These logs were collected on the lab network, simulated traffic might be mixed with production traffic.
  • https://honeynet.onofri.org/misc/files/apache_logs.tar.gz all types of Apache web server (access_log, error_log, audit_log, various ssl logs, etc )