IT Threat GeoDashboard
Suspicious is a combination of Open Source software configured to give end users a view on IT threats over an interactive geographical dashboard. You’ll just need an Internet Browser to access the dashboard. This application has been build on a GNU/Linux environment and may work on any UNIX system supporting the following technologies. By the way, there may be PATH and perl REGEXP issues with the perl backend if you try to deploy it on Windows.
- Statistic reports : countries, services, targets
- Threat reports : target, source, geolocalize (country, region, city), service, timelog
- Map features : drag, zoom, select country, select it threat, drag it threat, disperse it threats (double click)
- Timeline reports : move backward and forward in time threat database. Selecting a report before going into timeline mode results into report survey over timeline.
- fail2ban : used to detect, log and act when malicious activity occurs
- MaxMind GeoIP : used to get geographic IP details : latitude, longitude, city, region, country
- perl : used to process strings with perl REGEXP in order to format the data for the frontend, this script produces csv files
- cron : used to update MaxMind GeoIP database and to call backend perl script to push the data to the frontend
- web server : nginx , lighttpd will serve our static files to end-users internet browsers
- d3js : this technology will be used to build the Suspicious GeoDashboard user interface, espacialy for its geographical library
- html/css : user interface