open data Giacomo Lanzi

Hadoop Open Data Model: “open” data collection

Estimated reading time: 5 minutes

With the advent of big data platforms, IT security companies can now make guided decisions on how to protect their assets. By recording network traffic and network flows, it is possible to get an idea of the channels on which company information flows. To facilitate the integration of data between the various applications and to develop new analytical functionalities, we the Apache Open Data Model meets.

The common Open Data Model for networks, endpoints and users has several advantages. For example, easier integration between various security applications, but companies are also made it easier to share analytics in case new threats are detected.

Hadoop offers adequate tools to manage a Security Data Lake (SDL) and big data analysis. It can also detect events that are usually difficult to identify, such as lateral movement , data leaks, internal problems or stealth behavior in general. Thanks to the technologies behind the SDL it is possible to collect the data of the SIEM to be able to exploit them through SOCaaS since, being a free Open Data Model, the logs are stored in such a way that they can be used by anyone.

open data model nodes

What is Hadoop Open Data Model

Apache Hadoop is free and open source software that helps companies gain insight into their network environments. The analysis of the collected data leads to the identification of potential security threats or any attacks that take place between the resources in the cloud.

While traditional Cyber Threat Intelligence tools help identify threats and attacks in general, an Open Data Model provides a tool that allow companies to detect suspicious connections using flow and packet analysis.

H adoop Open Data Model combines all security-related data (events, users, networks, etc.) into a single visual area that can be used to identify threats effectively. It is You can also use them to create new analytical models. In fact, an Open Data Model allows the sharing and reuse of threat detection models.

An Open Data Model also provides a common taxonomy to describe the security telemetry data used to detect threats. Using data structures and schemas in the Hadoop platform it is possible to collect, store and analyze security-related data.

Open Data Model Hadoop, the advantages for companies

  • Archive a copy of the data security telemetry
  • Leverage out-of-the-box analytics to detect threats targeting DNS, Flow and Proxy
  • Build custom analytics based on your needs
  • – Allows third parties to interact with ‘Open Data Model
  • Share and reuse models of threat detection, algorithms, visualizations and analysis from the community Apache Spot .
  • Leverage security telemetry data to better detect threats
  • Using security logs
  • Obtain data from users , endpoints and network entities
  • Obtain threat intelligence data

Open Data Model: types of data collected

To provide a complete security picture and to effectively analyze cyber threat data, you need to collect and analyze all logs and alerts regarding security events and contextual data related to the entities you are dealing with referenced in these logs . The most common entities include the network, users and endpoints, but there are actually many more, such as files and certificates.

Due to the need to collect and analyze security alerts, logs and contextual data, the following types of data are included in the Open Data Model.

Security Event Alerts in Open Data Model

These are event logs from common data sources used to identify threats and better understand network flows. For example operating system logs, IPS logs, firewall logs, proxy logs, web and many more.

Network context data

These include network information that is accessible to anyone from the Whois directory, as well as resource databases and other similar data sources.

User context data

This type of data includes all information relating to the management of users and their identity. Also included are Active Directory, Centrify and other similar systems.

Endpoint context data

Includes all information about endpoint systems (server, router, switch). They can come from asset management systems, vulnerability scanners and detection systems.

Contextual threat data

This data contains contextual information on URLs, domains, websites, files and much more, always related to known threats.

Contextual data on vulnerabilities

This data includes information on vulnerabilities and vulnerability management systems.

Articles from the RoadMap

This is file context data, certificates, naming convention.

open data model cover

Name of attributes

A naming convention is required for an Open Data Model in order to represent attributes between the vendor’s products and technologies. The naming convention consists of prefixes (net, http, src, dst, etc) and common attribute names (ip4, usarname, etc).

It is still a good idea to use multiple prefixes in combination with one attribute.

Conclusions

We have seen what the Hadoop Open Data Model is and how it can be used thanks to its ability to filter traffic and highlight potential cyber attacks by listing suspicious flows, threats to users, threats to endpoints and major network threats.

If you have any doubts or would like further clarification, do not hesitate to contact us by pressing the button below, we will be happy to answer any question.

Useful links:

Share


RSS

More Articles…

Categories …

Tags

RSS darkreading

RSS Full Disclosure

  • Stored XSS with Filter Bypass - blogenginev3.3.8 December 19, 2024
    Posted by Andrey Stoykov on Dec 18# Exploit Title: Stored XSS with Filter Bypass - blogenginev3.3.8 # Date: 12/2024 # Exploit Author: Andrey Stoykov # Version: 3.3.8 # Tested on: Ubuntu 22.04 # Blog: https://msecureltd.blogspot.com/2024/12/friday-fun-pentest-series-16-stored-xss.html Stored XSS Filter Bypass #1: Steps to Reproduce: 1. Login as admin and go to "Content" > "Posts" 2. On […]
  • [SYSS-2024-085]: Broadcom CA Client Automation - Improper Privilege Management (CWE-269) December 19, 2024
    Posted by Matthias Deeg via Fulldisclosure on Dec 18Advisory ID: SYSS-2024-085 Product: CA Client Automation (CA DSM) Manufacturer: Broadcom Affected Version(s): 14.5.0.15 Tested Version(s): 14.5.0.15 Vulnerability Type: Improper Privilege Management (CWE-269) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-10-18 Solution Date: 2024-12-17 Public Disclosure:...
  • [KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities December 17, 2024
    Posted by Egidio Romano on Dec 16--------------------------------------------------------------------------- GFI Kerio Control
  • RansomLordNG - anti-ransomware exploit tool December 17, 2024
    Posted by malvuln on Dec 16This next generation version dumps process memory of the targeted Malware prior to termination The process memory dump file MalDump.dmp varies in size and can be 50 MB plus RansomLord now intercepts and terminates ransomware from 54 different threat groups Adding GPCode, DarkRace, Snocry, Hydra and Sage to the ever […]
  • APPLE-SA-12-11-2024-9 Safari 18.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-9 Safari 18.2 Safari 18.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121846. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Safari Available for: macOS Ventura and macOS Sonoma Impact: On a […]
  • APPLE-SA-12-11-2024-8 visionOS 2.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-8 visionOS 2.2 visionOS 2.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121845. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Crash Reporter Available for: Apple Vision Pro Impact: An app may […]
  • APPLE-SA-12-11-2024-7 tvOS 18.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-7 tvOS 18.2 tvOS 18.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121844. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: Apple TV HD and Apple TV 4K (all […]
  • APPLE-SA-12-11-2024-6 watchOS 11.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-6 watchOS 11.2 watchOS 11.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121843. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: Apple Watch Series 6 and later Impact: A […]
  • APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2 macOS Ventura 13.7.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121842. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Apple Software Restore Available for: macOS Ventura Impact: An […]
  • APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2 macOS Sonoma 14.7.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121840. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Apple Software Restore Available for: macOS Sonoma Impact: An […]

Customers

Newsletter

{subscription_form_1}