Hello and welcome to the Friday, May 8th, 2006 edition of the Sands Internet Storm Center's Stormcast. My name is Johannes Ulrich, recording today from Jacksonville, Florida. And this episode is brought you by the sands.edu credit certificate program in cyber security engineering.

In diaries today, we had another diary by one of our undergraded interns. In this case, Eric

Rolton wrote about how to create better sort of analytics UIs to analyze Honeypot logs. And of course, this can be adopted to other types of logs too.

A problem with all these dashboards and such is often that they're too static.

You may have created them years ago or such for a particular problem you had back then,

but they often aren't sort of adjusted very frequently

to really sort of point out what's new and what's interesting in the data. So what Eric did here

is Eric wrote a Python script that will first of all summarize all the data and create a summarized

version in a standardized format.

And then, well, Eric, as the kids do it these days, send AI after the data and had AI,

in this case, create a dashboard to display the data.

And I'm actually quite impressed with the different dashboards that

Claude came up with here. So there are some generic security dashboards that have things

that you would sort of expect, things like, you know, how many ports scanned, how many requests

we had, different time series and the like. But then there are also some things like,

what are, for example, the big actors?

And then what are those actors doing?

So essentially a dashboard that will just summarize the traffic

for a particular actor or for a particular vulnerability

that's being exploited.

So yes, lots of classic dashboards have these kind of features, but of course having the

simplicity of creating, essentially wipe coding, these dashboards, I think makes out of sense.

...