irongenlog - an IF-MAP client for generic log-files

Within the SIMU research project we implemented an IF-MAP client that is able to provide IF-MAP publisher functionality to arbitrary logging-based tools - irongenlog.

irongenlog, which is available as always via our Github account, allows to use a doman specific language together with logstash to quickly transfer log output from an arbitrary program into IF-MAP data.

We ship irongenlog with a short reference of how to use the domain specific language and an example binding for the dnsmasq DHCP and DNS service.

If you have any comments or questions, please contact us at f4-i-trust@lists.hs-hannover.de or directly create an Issue at the corresponding Github-project page.

22 Jun 2015

IF-MAP and Syslog - ironsyslog

With ironsyslog we present a new IF-MAP client that acts as a bridge between Syslog and IF-MAP.

Developed during the SIMU research project, ironsyslog acts as a Syslog relay server that puts incoming log messages through complex event processing (CEP), whose rules then map the messages onto IF-MAP identifier and metadata, that are published to a MAP server in the end.

ironsyslog is available at our Github account, feel free to contact us at f4-i-trust@lists.hs-hannover.de or directly create an Issue at the corresponding Github-project page if you encounter any problems.

15 Jun 2015

Trust@HsH at RSA Conference 2015

alternate text

Leonard Renners and Bastian Hellmann of the Trust@HsH research group participated at this years RSA conference in San Francisco (20th-24th April).

On Monday 20th during the TCG associated seminar “Should We Trust Mobile Computing, IoT and the Cloud? No, But There Are Solutions”, Trust@HsH presented two live demonstrations showcasing IF-MAP and its possibilites to integrate network (security) components of different vendors.

First demo booth together with DECOIT
Figure 1: First demo booth together with DECOIT, titled "Near Real-time Network Security with an IF-MAP-based SIEM Approach"

The first demo, created in cooperation with DECOIT GmbH, presents an approach to build a SIEM system with IF-MAP based components. This demonstration contained results of the completed research project VisITMeta as well as from the still ongoing SIMU project.

Second demo booth together with Pulse Secure and DECOIT
Figure 2: Second demo booth together with Pulse Secure and DECOIT, titled "BYOD Solutions well in hand"

The second demo was put together with Pulse Secure and DECOIT GmbH, integrating components from all three vendors to demonstrate a BYOD scenario, where all components work together to monitor a smartphones behaviour once connected to a company network and take automatic actions when behaving in a bad way.

Impressions from outside the Moscone Center South
Figure 3: Impressions from outside the Moscone Center South

As last year, the conference was a great opportunity to get in contact with people interested in network security in general and IF-MAP in particular. There were again some great talks and panels with security experts like Bruce Schneier, Adi Shamir and Whitfield Diffie (as for example in this great panel), as well as some inspiring keynotes featuring both prospects of network security’s future and talks on (more or less) unrelated topics.

Here are some general impressions of the city of San Francisco (luckily shot at better weather conditions compared to last years attendance).

AT&T ball park
Figure 4: AT&T park
Lombard Street as seen from Coit tower
Figure 5: Lombard Street (as seen from Coit tower)
Golden Gate bridge
Figure 6: Golden Gate bridge (overlook at Hawk Hill)
Sunset and Golden Gate bridge
Figure 7: Sunset and Golden Gate bridge
05 May 2015

Meet the Trust@HsH team at the RSA conference 2015 in San Francisco

The Trust@HsH research group will present their IF-MAP related work on this year’s RSA conference during the Trusted Computing Groups Association Seminar and Demonstration Showcase on Mondyay, 20th April in the time from 9AM to 1PM (PST).

It will be held at the Moscone Convention Center (West) in the room 2002/2006.

We will be participating at 2 out of the 20 different demonstration booths, showcasing our IF-MAP tools, like the MAP server irond or the visualisation client VisITMeta in collaboration with tools from other vendors like DECOIT or Pulse Secure.

The Trust@HsH team will be happy to welcome you at our booths titled BYOD Solutions Well in Hand: Standards-Based Mobile Security and Near Real-Time Network Security with an IF-MAP-Based SIEM Approach!

16 Apr 2015

Bugfixes for VisITMeta

We released two bugfixes for our IF-MAP visualization software VisITMeta, so the current version is 0.4.2.

Bugs fixed:

  • Wrong rendering of links between vendor-specific metadata
  • Wrong behavior when changing colors of metadata nodes and selecting single nodes
08 Apr 2015

VisITMeta 0.4.0 released

Our IF-MAP visualization software VisITMeta has been released in version 0.4.0.

It features the following changes:

  • Search functionality: it is now possible to search for metadata and identifier nodes within the GUI, by using a very simplistic search “language”
  • New history navigation via tabs for live, history and delta view
  • Support for metadata published via the notify operation (only accessible via the REST interface at the moment)
  • Now using of ironcommon, our new utility library for ifmapj-based projects
  • Integration of Checkstyle plugin into our Maven build environment
  • Modified Maven pom.xml so that running VisITMeta within Eclipse should now be possible
  • Some minor bugfixes

Screenshot of VisITMeta GUI v0.4.0 The screenshot shows the new search functionality via searching for all nodes containing ip and 10.0.0 as well as all nodes exactly matching device; all nodes that do not match the search string are rendered slightly transparent. The screenshot also shows the new tab-based control over history navigation.

As always, the sourcecode is available at Github on the projects repository page.

23 Mar 2015

Several new releases of iron* software

During the last days we released new versions of nearly all our IF-MAP based software. Most releases are due to an integration of the Checkstyle plugin and changes to the Unix start scripts.

Some projects however received additional updates and functionality, as listed below:

  • ifmapj 2.2.2 (also on Maven Central)
    • Fixed a bug regarding the date format in logging (thanks to Markus Schölzel from DECOIT)
  • irondemo 0.5.0
    • Ability to start needed components via agenda
    • Fixes to project configurations
  • irondetect 0.0.8
    • As db4o is no longer available, we now use YAML to define and load the training data

We also released a new helper library called ironcommon, that contains things like

  • Checkstyle policy and How-To to include it in Eclipse
  • Added Eclipse formatter and clean-up files
  • (first version of) YAML configuration file handling

It is available via Github and Maven Central; our other projects will be adapted .

The sourcecode of all projects is also available at Github on the projects repository page.

06 Mar 2015

VisITMeta 0.3.0 released

Today we released a new version of our IF-MAP visualization software VisITMeta.

Version 0.3.0 features the following changes:

  • bugfixes for handling of circular graphs, deltas that contain subgraphs and wrong order of handling updates and deletes from incoming IF-MAP poll results
  • improvements to YAML configuration file usage
  • JUnit tests of the main interface (and the underlying graph handling) to external services

The sourcecode of VisITMeta is also available at Github on the projects repository page.

16 Dec 2014
TrustAtHsH-logo
HsH-F4-logo
Trust@HsH
Hochschule Hannover
University of Applied Sciences and Arts
Faculty IV, Dept. of Computer Science
Ricklinger Stadtweg 120
30459 Hannover, Germany
f4-i-trust@lists.hs-hannover.de
Google+ Twitter Youtube Atom-Feed