"But incident coordination is not an easy task, as you must keep track of many details and at the same time keep control over who has access to what information. Two tools that exist that are designed to help teams with incident coordination are AbuseHelper and Palantir. [...] The two previously mentioned frameworks could be seen as starting points from which teams can build their competency." - Damir Rajnovic in the article Who’s Performing Computer Incident Coordination?
AbuseHelper is a product for collecting and sharing intelligence on suspected malicious activity. Monitoring abuse feeds gives you a near real-time capability to observe and react to internal and external threats that affect you and your customers. AbuseHelper produces actionable reports and helps you gain overall situational awareness of Internet abuse.
Picture: A typical AbuseHelper mail report of suspect network activity.
AbuseHelper is already being used by several organizations from both governmental and private sectors, including CERT-FI, CERT-EE and BELNET CERT. See who else is using AbuseHelper: https://secure.wikimedia.org/wikipedia/en/wiki/Abusehelper#Community
Handle more Abuse with less effort: With AbuseHelper you are able to consume more information sources than ever!
Stay up to date with the newest feeds: New abuse feeds pop up on a monthly basis. Some of them specialize in the latest threats, which you want to be aware of. In a typical case you have incorporated a new feed into your AbuseHelper within a week of its discovery.
Save time & effort: Automate mundane tasks, such as abuse & incident data collection and reporting. Skip the bootstrapping time needed to build your own solution from the ground up.
Modularity & extensibility: Bring together information from sources with wildly varying qualities (e.g. streaming real time data, daily mail reports, periodically polled HTTP resources, different data formats).
Robustness & scalability: With its botnet-inspired architecture, AbuseHelper is an extremely robust and scalable solution.
Sharing & collaboration: Benefit from the know-how of other similar actors, share yours to benefit them.
Open source for a closed community: Scalable, robust and actively developed open core, while still allowing non-publicly available extensions.
Developed under the permissive MIT open source license, AbuseHelper is constantly getting better from real input from its users. But it's not all about just software. Common tools, terminology and a growing community help to share information and know-how across organization boundaries. Let's not reinvent the wheel over and over again.
Check out the AbuseHelper source code repository for more information: https://bitbucket.org/clarifiednetworks/abusehelper
- Botnet-inspired XMPP-based architecture.
- Flexible event-driven streaming data model.
- Asynchronous messaging.
- Key-value pairs within event containers.
- Normalization, data deduplication and sanitation.
- Distributed, modular and scalable implementation.
- Polling, feed, expert and administrative bots - one task, one bot.
- Defy boot-order programming.
- Dynamic configuration management and collaboration.
- CLI-based configuration.
- XMPP-based configuration.
- INI-based configuration.
- Wiki-based configuration.
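As an added example, not code from the AbuseHelper project itself: a small Python model of the event data model listed above (key-value pairs within event containers, normalization, deduplication and sanitation), applied to constructed feed records in two different formats. The Event class, the two feed formats and the field names are assumptions made for the illustration.

```python
# Added example, not AbuseHelper's own code: a minimal model of its event data model
# (key/value containers, multi-valued keys) with normalization, sanitation and deduplication.
import csv

class Event:
    """Key/value event container; each key maps to a set of values."""
    def __init__(self) -> None:
        self._data: dict[str, set[str]] = {}
    def add(self, key: str, value: str) -> None:
        self._data.setdefault(key, set()).add(value)
    def values(self, key: str) -> frozenset[str]:
        return frozenset(self._data.get(key, ()))
    def fingerprint(self) -> frozenset[tuple[str, str]]:
        # Canonical form for deduplication: the set of all (key, value) pairs.
        return frozenset((k, v) for k, vs in self._data.items() for v in vs)

def sanitize(value: str) -> str:
    # Trim and fold case so the same observation from different feeds compares equal.
    return value.strip().lower()

def parse_csv(text: str) -> list[dict[str, str]]:
    """Constructed feed A: CSV with a header row, one observation per row."""
    return list(csv.DictReader(text.splitlines()))

def parse_kv(text: str) -> list[dict[str, str]]:
    """Constructed feed B: one observation per line as space-separated key=value tokens."""
    return [dict(tok.partition("=")[::2] for tok in line.split())
            for line in text.splitlines() if line.strip()]

def normalize(records: list[dict[str, str]]) -> list[Event]:
    events = []
    for rec in records:
        ev = Event()
        for key, value in rec.items():
            ev.add(sanitize(key), sanitize(value))
        events.append(ev)
    return events

def deduplicate(events: list[Event]) -> list[Event]:
    # The first event seen with a given fingerprint wins; later copies are dropped.
    unique: dict[frozenset[tuple[str, str]], Event] = {}
    for ev in events:
        unique.setdefault(ev.fingerprint(), ev)
    return list(unique.values())

def merged_events() -> list[Event]:
    # Constructed sample input: the first record of each feed is the same observation.
    feed_a = "ip,type,asn\n192.0.2.10, Malware ,64496\n192.0.2.11,spam,64496\n"
    feed_b = "ip=192.0.2.10 type=malware asn=64496\nip=192.0.2.12 type=botnet asn=64497\n"
    return deduplicate(normalize(parse_csv(feed_a)) + normalize(parse_kv(feed_b)))
```

Running `merged_events()` yields three events from four raw records, because the duplicated observation from the two feeds collapses into one after sanitation.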
AbuseHelper is a modular, scalable and robust framework to automate your abuse & incident data collection and reporting.