Infosec Data Science

In this post I will explore the data held by Alienvault’s free and public Blacklisted Ips Database.

SIEM Data: Which Public IP’s Are Malicious?

AlienVault’s Public IP Reputation Database

AlienVault is a company that offers its proprietary product, the Unified Security Management Suite that boasts an update from the Open Threat Exchange every half hour, providing something very close to real-time security data.

Databases are a great way to get raw structured data. Thanks to AlienVault’s maintained and public IP Reputation database we have real security data to work with. The purpose being defined as limiting the likelihood that a triggered event will be a false positive if it is from one of these malicious IP’s.

A Histogram

Histograms are a great way to take a look at the data at a high level before further analysis.


top 10 countries by frequency.

counts_rep.png

This chart tells us that the country with the most records within the dataset is China, followed by the US.

A histogram is essentially a count of frequencies, how often a data factor occurs within a dataset.i.e… how many times each letter occurs in ‘applesauce’.

Screen Shot 2016-10-01 at 4.26.26 PM.png

Next Steps

The data has several other columns such as IP Risk and IP Reliability that can be broken down to get a better look at what the dataset implies for a complete look at these public IP’s reputation.

At a glance. This is the Dashboard view of the workbook.


screenshot


Risk 1-7

An aggregated look at Risk

Screen Shot 2016-10-10 at 9.25.48 PM.png

% of total Risk : China

Screen Shot 2016-10-10 at 9.51.06 PM.png

% of total Risk : USA

Screen Shot 2016-10-10 at 9.51.24 PM.png

Ranking, aggregated

Screen Shot 2016-10-11 at 12.56.49 PM.png



Written on May 10, 2018