Infosec Data Science
In this post I will explore the data held in AlienVault's free and public blacklisted IPs database.
SIEM Data: Which Public IPs Are Malicious?
AlienVault’s Public IP Reputation Database
AlienVault is a company that offers its proprietary product, the Unified Security Management Suite that boasts an update from the Open Threat Exchange every half hour, providing something very close to real-time security data.
Databases are a great way to get raw structured data. Thanks to AlienVault's maintained and public IP Reputation database we have real security data to work with. Its stated purpose is to reduce the likelihood that a triggered event is a false positive when the traffic comes from one of these malicious IPs.
Histograms are a great way to look at the data at a high level before further analysis.
Chart: top 10 countries by frequency.
This chart tells us that the country with the most records within the dataset is China, followed by the US.
A histogram is essentially a count of frequencies: how often each value of a data factor occurs within a dataset, e.g. how many times each letter occurs in 'applesauce'.
The data has several other columns, such as IP Risk and IP Reliability, that can be broken down for a more complete look at what the dataset implies about these public IPs' reputation.
At a glance: the dashboard view of the workbook.
An aggregated look at Risk
Dashboard panels: % of total Risk: China; % of total Risk: USA
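The two summaries above (the frequency histogram and the share of total risk per country) and the SIEM use case from the introduction, as an added example that is not part of the original post and not AlienVault's code. The '#'-delimited five-field record layout, the numeric scales for risk and reliability, and the sample rows (drawn from documentation address ranges) are all constructed assumptions for this example, not a description of the real feed format:

```python
"""Frequency and risk summaries over an IP-reputation feed (constructed example)."""
from collections import Counter
from typing import Dict, List, NamedTuple, Optional, Tuple


class Record(NamedTuple):
    ip: str
    reliability: int   # how trustworthy the listing is (assumed scale)
    risk: int          # how dangerous the host is (assumed scale)
    activity: str
    country: str


# Constructed sample using documentation/test address ranges. The '#'-delimited
# layout is an ASSUMPTION for this example, not a statement of the real feed format.
SAMPLE_FEED = """\
203.0.113.10#4#7#Scanning Host#CN
203.0.113.11#6#5#Malicious Host#CN
198.51.100.20#3#4#Spamming#US
198.51.100.21#5#6#C&C#US
192.0.2.30#2#2#Scanning Host#RU
203.0.113.12#4#3#Scanning Host#CN
"""


def parse_feed(text: str) -> List[Record]:
    """Parse the '#'-delimited feed into Records, rejecting malformed lines loudly."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split("#")
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(fields)}")
        ip, reliability, risk, activity, country = fields
        records.append(Record(ip, int(reliability), int(risk), activity, country))
    return records


def frequency(values, top: Optional[int] = None) -> List[Tuple[str, int]]:
    """Histogram counts: how often each value occurs, most frequent first.
    Ties are broken alphabetically so the output is deterministic."""
    counts = Counter(values)
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return ordered[:top] if top else ordered


def country_histogram(records: List[Record], top: int = 10) -> List[Tuple[str, int]]:
    """The 'top N countries by frequency' chart as a list of (country, count)."""
    return frequency((r.country for r in records), top)


def risk_share(records: List[Record]) -> Dict[str, float]:
    """Percentage of the summed risk score contributed by each country."""
    total = sum(r.risk for r in records)
    if total == 0:
        return {}
    per_country: Counter = Counter()
    for r in records:
        per_country[r.country] += r.risk
    return {c: round(100.0 * v / total, 2) for c, v in per_country.items()}


def build_index(records: List[Record]) -> Dict[str, Record]:
    """IP -> Record lookup table for fast enrichment of incoming events."""
    return {r.ip: r for r in records}


def enrich_event(index: Dict[str, Record], event: dict) -> dict:
    """Attach reputation context to a SIEM event keyed by its source IP.
    A hit raises confidence that the alert is not a false positive; a miss means
    'unknown', not 'benign', because a blacklist is never exhaustive."""
    hit = index.get(event.get("src_ip", ""))
    enriched = dict(event)
    if hit is None:
        enriched["reputation"] = "unknown"
    else:
        enriched["reputation"] = "listed"
        enriched["risk"] = hit.risk
        enriched["reliability"] = hit.reliability
        enriched["activity"] = hit.activity
    return enriched


if __name__ == "__main__":
    recs = parse_feed(SAMPLE_FEED)
    print("letters in 'applesauce':", frequency("applesauce"))
    print("top countries:", country_histogram(recs))
    print("risk share (%):", risk_share(recs))
    idx = build_index(recs)
    print(enrich_event(idx, {"src_ip": "198.51.100.21", "event": "outbound connection"}))
    print(enrich_event(idx, {"src_ip": "10.0.0.5", "event": "outbound connection"}))
```

The risk share is computed from the summed risk scores rather than from record counts, so a country with a few high-risk hosts can rank above one with many low-risk scanners; comparing the two views side by side is what the dashboard panels above are for.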