Download: notice Zip File
Number of Instances: | 2843 | Security Area: | Detection |
---|---|---|---|
Number of Attributes: | 26 | Date Donated: | 2012 |
Missing Values? | - | Associated ML Tasks: | Network Analysis |
Mike Sconzo
Security Repository
Secrepo.com
This is the log of the notice framework, which enables Bro to “notice” things that are odd or potentially bad. What each notice means has to be decided per site, because Bro does not ship with assumptions about what counts as bad activity for a given site. More extensive documentation about using the notice framework can be found in Notice Framework.
Attribute | Data Type | Count | Unique Values | Missing Values |
---|---|---|---|---|
ts | float64 | 2843 | 2619 | 0 |
uid | object | 2810 | 2313 | 33 |
id.orig_h | object | 2810 | 128 | 33 |
id.orig_p | float64 | 2810 | 158 | 33 |
id.resp_h | object | 2810 | 636 | 33 |
id.resp_p | float64 | 2810 | 17 | 33 |
fuid | object | 2746 | 2746 | 97 |
file_mime_type | object | 2746 | 5 | 97 |
file_desc | object | 2746 | 1856 | 97 |
proto | object | 2843 | 1 | 0 |
note | object | 2843 | 3 | 0 |
msg | object | 2843 | 870 | 0 |
sub | object | 2843 | 846 | 0 |
src | object | 2843 | 128 | 0 |
dst | object | 2810 | 636 | 33 |
p | int64 | 2843 | 22 | 0 |
n | float64 | 0 | 0 | 2843 |
peer_descr | object | 2843 | 1 | 0 |
actions | object | 2843 | 1 | 0 |
suppress_for | float64 | 2843 | 1 | 0 |
dropped | object | 2843 | 1 | 0 |
remote_location.country_code | float64 | 0 | 0 | 2843 |
remote_location.region | float64 | 0 | 0 | 2843 |
remote_location.city | float64 | 0 | 0 | 2843 |
remote_location.latitude | float64 | 0 | 0 | 2843 |
remote_location.longitude | float64 | 0 | 0 | 2843 |
Bro Logs http://gauss.ececs.uc.edu/Courses/c6055/pdf/bro_log_vars.pdf
Neise, Patrick. "Intrusion Detection Through Relationship Analysis". Oct 2016 https://www.sans.org/reading-room/whitepapers/detection/intrusion-detection-relationship-analysis-37352
Frances Bernadette C. De Ocampo, Trisha Mari L. Del Castillo, Miguel Alberto N. Gomez. "AUTOMATED SIGNATURE CREATOR FOR A SIGNATURE BASED INTRUSION DETECTION SYSTEM WITH NETWORK ATTACK DETECTION CAPABILITIES". 2013 http://sdiwc.net/digital-library/automated-signature-creator-for-a-signature-based-intrusion-detection-system-with-network-attack-detection-capabilities-pancakes.html