Overview

We have launched some new data collection projects relatively recently in addition to the original DShield project. What happens to all that data being collected? When there appears to be enough data to publicly release, the reports will likely be linked to from our Reports page at https://isc.sans.edu/reports.html. You can get there by clicking Data/Reports or its sub-menu Summary Page on the top-right menu. We've highlighted some of these projects in past Features but let's list them all out here.

Features

Data Collection - https://isc.sans.edu/reports.html#collect
This section was added recently as a central location to list new and existing data collection and reporting projects.

• ISC/DShield API - Click for previous feature diary coverage.
• HTTP Headers - Project to find how many sites use security relevant headers. Read Jason Lam's diary on HTTP Headers.
• 404Project - Click for previous feature diary coverage.
• Fake Call Tech Support Calls - Newly launched information collection form in response to understanding the growing number of cold-call Fake Tech Support Calls.

Top 10 Ports - https://isc.sans.edu/reports.html#top10ports
Summary table of the top 10 ports listed by Reports, Targets, Sources with link to Port Report Page at https://isc.sans.edu/portreport.html

• Available on the ISC Dashboard.
• Option on customization page once logged in.

World Map - https://isc.sans.edu/reports.html#worldmap
Graphics map of country statistics (This deserves more in-depth coverage in another feature diary...Stay Tuned!) with link to Country Report Page at https://isc.sans.edu/countryreport.html

• Available on the ISC Dashboard.
• Option on https://isc.sans.edu/customize.htmlisc.sans.edu/customize.html once logged in.
• Available in the right column on the homepage.

Top Source IPs - https://isc.sans.edu/reports.html#top10source
Top 10 Source IPs as collected by DShield sensor listed with count, number of attacks, first seen and last seen with link to Top Sources Page at https://isc.sans.edu/sources.html

• Available on the ISC Dashboard.
• Option on customization page once logged in.

Additional Reports - https://isc.sans.edu/reports.html#additional

• AS Reports - DShield data by ASN information
• Country Reports - Dshield data by Country information
• Survival Time - calculated as the average time between reports for an average target IP address
• Trends of Ports - attempt to put a number to the increase in activity for a given port. Also available on the Dashboard and right column of the homepage.
• Daily Data Volume (Submissions/day) - Summaries with graph, table and criteria form

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form
--
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center - https://isc.sans.edu