Sometime back when it was still cold (probably in April, around the time we had that last really wet snowfall of the year, perhaps even when I shot this video of my kids beating up our snowman -- it is amazing how many "snowman beating" videos there are on YouTube) I got this wacky idea while stuck in traffic.
So the question I had was: why haven't we seen any global (or even enterprise-wide) log/traffic/alert sharing tools that use P2P technologies? Why haven't we seen a decentralized DShield? The answer, several months later, was PeerTAB.
Obviously there is no code yet, but there is a reasonably refined set of requirements. Just to be clear, this is not another log analysis tool or a SIM. It is basically a (hopefully) thin layer on top of JXTA that would allow stuff like Snort logs, NetFlow data (let's say from flow-tools), mod_security logs, or whatever to be contributed and searched across a global (or localized) P2P network. I had some initial success using JRuby with JXTA, but there is a lot more to do, so stay tuned.
And if you have any interest in learning about P2P networking APIs, have some minimal level of Java/Ruby competence, and want to get involved in the project, let me know.