Logs are not just a stream of information. Logs and events can tell a story about what happened, when, why, how, and who done it. Thus, any company ignoring its logs has a real challenge when dealing with information security.
To help your logs tell the story, it’s best to augment them with other bits of information. Typically, this is done after the fact by an analyst or investigator. The downside is that this happens after the event, and in a lot of scenarios the augmented data has changed by then. The IP for a domain name has changed, for example.
Beyond that, there are already intelligence lists that provide details on any given IP, domain name, file hash and other metadata.
In this post, we’ll explore bridging the Collective Intelligence Framework version 2 (CIFv2) and those logs using Logstash.
You'll need to write a script to take the data you have from your own IP database and output it to match the CSV data. You'll need to ensure you map your physical locations to a location as listed in the GeoLiteCity-Location.csv file - feel free to add your own as required.
The output of your script should match:
"IP start range in INT notation","IP end range in INT notation","Location ID from GeoLiteCity-Location.csv"
Finally, after you concat the original data and your data, you'll run the mmutils tool: csv2dat.py
mmutils does nothing about duplicate IPs. You need to make sure that your input data does not overlap either already existing IPs, or itself, in any way. i.e.: If you have public IP space and you want to identify where those spaces exist, you need to remove the already existing data from MaxMind.
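As an added example (not the author's script, and not part of mmutils), the following Python shows the two things the steps above require before csv2dat.py can be run: converting your own networks to integer start/end notation, and carving those ranges out of the existing MaxMind blocks so that the concatenated input has no overlaps. The existing-block rows, the networks in OWN_NETWORKS and the location IDs 9001/9002 are constructed sample data; real location IDs must come from your GeoLiteCity-Location.csv.

```python
import csv
import io
import ipaddress

# Constructed sample in the shape of the legacy GeoLiteCity-Blocks.csv
# (copyright line, header, then "start","end","locId" rows in integer notation).
# These rows are made up for the example, not real MaxMind data.
EXISTING_BLOCKS_CSV = '''Copyright (c) sample line
startIpNum,endIpNum,locId
"3232235520","3232236031","100"
"3232236032","3232236543","101"
"167772160","184549375","102"
'''

# Constructed sample of our own IP space: a CIDR and the locId we assigned it
# in GeoLiteCity-Location.csv (9001 and 9002 are placeholder ids).
OWN_NETWORKS = [
    ("192.168.1.0/24", 9001),   # overlaps the tail of the "100" row above
    ("10.5.0.0/16", 9002),      # sits inside the "102" row above
]


def ip_to_int(addr):
    """Dotted-quad IPv4 string to the integer notation the CSV uses."""
    return int(ipaddress.IPv4Address(addr))


def cidr_to_range(cidr):
    """CIDR string to an inclusive (start, end) pair in integer notation."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    return int(net.network_address), int(net.broadcast_address)


def parse_blocks(text):
    """Read (start, end, locId) tuples, skipping the copyright and header lines."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3 or not row[0].isdigit():
            continue
        rows.append((int(row[0]), int(row[1]), int(row[2])))
    return rows


def subtract_range(block, hole):
    """Return the pieces of block=(start, end, locId) left after removing hole=(start, end)."""
    s, e, loc = block
    hs, he = hole
    if he < s or hs > e:          # no overlap: block survives untouched
        return [block]
    pieces = []
    if hs > s:                    # part of the block before the hole
        pieces.append((s, hs - 1, loc))
    if he < e:                    # part of the block after the hole
        pieces.append((he + 1, e, loc))
    return pieces


def check_no_overlap(blocks):
    """True if no two ranges share an address (sorted sweep over start addresses)."""
    ordered = sorted(blocks)
    for (_, e1, _), (s2, _, _) in zip(ordered, ordered[1:]):
        if s2 <= e1:
            return False
    return True


def merge_blocks(existing, own):
    """Carve our ranges out of the existing blocks, then combine into one overlap-free list."""
    own_ranges = []
    for cidr, loc in own:
        start, end = cidr_to_range(cidr)
        own_ranges.append((start, end, loc))
    if not check_no_overlap(own_ranges):
        raise ValueError("own networks overlap each other; mmutils will not fix this")
    carved = list(existing)
    for start, end, _ in own_ranges:
        carved = [piece for blk in carved for piece in subtract_range(blk, (start, end))]
    return sorted(carved + own_ranges)


def to_csv(blocks):
    """Render rows as "start","end","locId" lines, the format csv2dat.py expects."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for start, end, loc in blocks:
        writer.writerow([start, end, loc])
    return out.getvalue()


if __name__ == "__main__":
    merged = merge_blocks(parse_blocks(EXISTING_BLOCKS_CSV), OWN_NETWORKS)
    assert check_no_overlap(merged)
    print(to_csv(merged), end="")
```

The output is what you would concatenate (minus the header you keep from the original file) before running csv2dat.py; the final check_no_overlap call is the guard the text asks for, since mmutils itself will not reject overlapping input.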
I'm a big fan of Air Canada, however, this past time flying has really left a sour taste in my mouth. When leaving LAS a few weeks ago there was a serious delay in leaving. From what I understand the local LAS ground crew could not figure out how to secure an aisle wheelchair for use in YUL. (YUL didn't have one? Really?) It took over an hour for what appeared to be a manager to come on board and take charge in getting it done. At this point, I was at least halfway through the movie I was watching (007 if I remember correctly).
Although I was preoccupied by my movie, I was informed later that the flight crew was blaming the person needing the "special equipment" instead of the crew not being able to secure it. This left me an hour+ delayed getting into YUL for my connection.
Unfortunately, this is where the problems really started. When arriving at YUL, the connection desk help already had my hotel and food vouchers ready for me (YEAH!). Alas, when I arrived at the hotel it was already -8 rooms. Which, as it turns out Air Canada was told this 5+ hours prior. (BOO!)
I'll let the following list of tweets explain what happens next (as I tweeted in real time, and there are time stamps :) )
Start Time: 20:58 EDT - My Flight to YSJ was at 20:45.
Initial Tweet: https://twitter.com/coolacid/status/364188506039812096
First Hotel: https://twitter.com/coolacid/status/364191467792637953
Going to Second Hotel: https://twitter.com/coolacid/status/364199958901448704
Additional Tweet One: https://twitter.com/coolacid/status/364199958901448704
Second Hotel: https://twitter.com/coolacid/status/364206485196124160
Hotel Does Stuff: https://twitter.com/coolacid/status/364207193614069760
Additional Tweet Two: https://twitter.com/coolacid/status/364210079694082048
Additional Tweet Three: https://twitter.com/coolacid/status/364213078650404865
Back to the Airport: https://twitter.com/coolacid/status/364216376363614208
Back to the Airport Two: https://twitter.com/coolacid/status/364221561420926976
At this point, there was absolutely no people to be found at the YUL counters. I ended up calling the only number I could find which was some traveler help desk, which gave me grief. Fortunately some staff was found by the other people in my newly formed group. Turns out, before getting to the Marriott, the support staff (not the counter staff) was going to send us all to a third hotel which was also full. Fortunately, the local counter people verified and sent us all to the Marriott instead.
Finally Checking into a hotel: https://twitter.com/coolacid/status/364232798216785920
Finally at a hotel: 23:54 - 6 Minutes before Kitchen Closes for dinner
Thinking ahead, I quickly ran to the hotel restaurant to beg for support while we all checked in - the manager (I assume) quickly grabbed a bunch of menus and took our order from the hotel check-in desk so we were able to submit prior to the kitchen closing. THANK YOU Marriott!
This is cataloging how I built my own MusicBrainz Server. Dated: March 2013. This makes the assumption you know how to manage virtual machines and use Linux.
Looks like the CRA is rolling out a new login option (began early November 2012) to access the CRA "My Account" website. You still have the option of using your old CRA login - however, if you're anything like me, you've probably forgotten the Login-ID, which of course, you can't retrieve. But - not to fret, you have the option of creating (yet) another new account, and now, you won't have to remember your login!
CRA is working with Canadian banks on a service called: "SecureKey Concierge" ( http://securekeyconcierge.com/ ).
"SecureKey Concierge offers a convenient way to sign in to Government of Canada services. Instead of remembering yet another username and password that you rarely ever use, you can choose to sign in with a brand that you know, and use, regularly… such as your favourite Financial Institution, Bank or Credit Card."
I'd like to say - what could possibly go wrong and leave it at that, but, that isn't going to happen. Let's explore the option.