This project facilitates the integration of honeypot logs into a Neo4j graph database using the STIX data model. By mapping honeypot data to STIX objects and relationships, it enables the visualization and analysis of attack patterns within a graph database.
- Data Generation: Generates honeypot logs.
- STIX Mapping: Converts honeypot logs into STIX-compliant objects and relationships.
- Graph Database Integration: Imports STIX data into a Neo4j database for advanced querying and visualization.
- Python 3.8 or higher
- Neo4j 4.0 or higher
-
Clone the Repository:
git clone https://github.com/NIK-SOC/honeypot-logs-integration-into-attack-graph.git cd honeypot-logs-integration-into-attack-graph -
Install Dependencies:
pip install -r requirements.txt
-
Configure Neo4j:
- Ensure Neo4j is installed and running.
-
Configure a
.envfile- Create a
.envfile - Set these variables below:
NEO4J_URINEO4J_PASSWORDNEO4J_USERNEO4J_DATABASE
- Create a
-
Generate Honeypot Logs:
python src/honeypot_logs_integration/honeypot_generator.py
Honeypot log files will be generated in the
.tmp/directory assynthetic_honeypot_logs.json. -
Transform Honeypot Logs Into STIX Model:
python src/honeypot_logs_integration/transform_logs_to_stix.py
Transformed honeypot logs will be saved in the
.tmp/directory ashoneypot_logs_stix.json.This script will parse the logs, map them to STIX objects.
-
Import Honeypot logs into Neo4j
python src/honeypot_logs_integration/loading-into-neo4j.py
Use Neo4j Browser or any compatible tool to explore the imported data.
This project is licensed under the MIT License. See the LICENSE file for details.