Generació d'intel·ligència a partir de la recopilació d'atacs informàtics

Abstract

[en] In this project, I have developed a system to collect, analyze, and store data on real attacks captured from different honeypots. The work has been divided into three parts: the data source (honeypots), the database, and an integration program for these two platforms. For the data source, I have used the T-Pot tool, which allows for the collection of a large volume of data of various types. Then, I installed the MISP platform, which is a specialized database for storing all kinds of incidents and threats. MISP was also installed alongside Cortex, which is a malware analyzer that detects malicious data. Once these tools were installed, I searched for a way to integrate them and make them work together. Therefore, I developed a Python program that connects to them through their respective REST API. The integration program has been developed following good code design practices and applying different design patterns. Additionally, I have ensured to implement it in the most secure way to handle user credentials. The combined work of these tools provides a solid platform for detecting, analy- zing, and responding to threats, enabling more effective management of the collected information and the different tactics used by attackers.