Download: notice Zip File
| Number of Instances: | 682 | Security Area: | Detection |
|---|---|---|---|
| Number of Attributes: | 21 | Date Donated: | 2012 |
| Missing Values? | - | Associated ML Tasks: | Network Analysis |
Mike Sconzo
Security Repository
Secrepo.com
This is the notice framework which enables Bro to “notice” things which are odd or potentially bad. Decisions of the meaning of various notices need to be done per site because Bro does not ship with assumptions about what is bad activity for sites. More extensive documentation about using the notice framework can be found in Notice Framework.
| Data Type | Count | Unique Values | Missing Values | |
|---|---|---|---|---|
| ts | float64 | 387 | 8 | 295 |
| uid | float64 | 0 | 0 | 682 |
| id.orig_h | float64 | 0 | 0 | 682 |
| id.orig_p | float64 | 0 | 0 | 682 |
| id.resp_h | object | 495 | 1 | 187 |
| id.resp_p | object | 682 | 7 | 0 |
| fuid | object | 682 | 215 | 0 |
| file_mime_type | object | 660 | 41 | 22 |
| file_desc | object | 682 | 64 | 0 |
| proto | object | 534 | 105 | 148 |
| note | float64 | 495 | 25 | 187 |
| msg | float64 | 0 | 0 | 682 |
| sub | object | 682 | 1 | 0 |
| src | object | 682 | 1 | 0 |
| dst | float64 | 682 | 1 | 0 |
| p | object | 682 | 1 | 0 |
| n | float64 | 0 | 0 | 682 |
| peer_descr | float64 | 0 | 0 | 682 |
| actions | float64 | 0 | 0 | 682 |
| suppress_for | float64 | 0 | 0 | 682 |
| dropped | float64 | 0 | 0 | 682 |
Bro Logs http://gauss.ececs.uc.edu/Courses/c6055/pdf/bro_log_vars.pdf
Intrusion Detection Through Relationship Analysis https://www.sans.org/reading-room/whitepapers/detection/intrusion-detection-relationship-analysis-37362