mandiant / geologonalyzer Goto Github PK
View Code? Open in Web Editor NEWGeoLogonalyzer is a utility to analyze remote access logs for anomalies such as travel feasibility and data center sources.
License: Apache License 2.0
geologonalyzer's People
Contributors
Stargazers
Watchers
Forkers
fyodorr avaudioplayer p3t3rp4rk3r thecanary jkuofm27 trietptm-on-coding-algorithms readshaw r1j1k toxi22 sck-nogas akpotter lengyun123456 zminjiao yeahbytes qsdj zypan kyhwana nxt-fmiquel jack51706 azurecloudmonk renepm silverheartshafiq jock312452 cephurs swang007 modulexcite johndoex1 aramrami ccorp cha0sangel tquentin quinn-yan hopewellb blue-infosec false00 bahadirpektas 4k4xs4ph1r3 savobit hartl3y94 ccdev-labs aeae995 timb-machine-mirrors i1337m ratatoskr47 jimoyong 4n6mole echetto noodled mikikatz 3v1lw1th1n 62p hamarituc trellixvulnteam rakhithjk demize ethicalsecurity-agencygeologonalyzer's Issues
AttributeError: 'Reader' object has no attribute 'asn'
I got this error whenever i executed command
raceback (most recent call last):
File "GeoLogonalyzer.py", line 985, in
main(args)
File "GeoLogonalyzer.py", line 762, in main
asn_db_match = asn_db_reader.asn(ip_string)
AttributeError: 'Reader' object has no attribute 'asn'
Unhandled exception when ASN names contain non-ASCII characters
Thanks for developing this helpful tool.
When running with some of my own test data, I encountered an encoding issue with ASN names containing non-ASCII, UTF-8 encoded characters.
Here's a suggested fix to diff_dict_to_list() to address this issue:
def diff_dict_to_list(logon_diff_dict):
"""Convert logon_diff_dict to list for printing"""
first_asn_name = logon_diff_dict.get("first_asn_name", "")
if first_asn_name is None:
first_asn_name = ""
first_asn_name = first_asn_name.encode('utf-8').strip()
second_asn_name = logon_diff_dict.get("second_asn_name", "")
if second_asn_name is None:
second_asn_name = ""
second_asn_name = second_asn_name.encode('utf-8').strip()
return ([str(logon_diff_dict.get("user", "")),
str(logon_diff_dict.get("anomalies_string", "")),
str(logon_diff_dict.get("first_time", "")),
str(logon_diff_dict.get("first_ip", "")),
str(logon_diff_dict.get("first_ip_dch_company", "")),
str(logon_diff_dict.get("first_country", "")),
str(logon_diff_dict.get("first_subdivision", "")),
str(logon_diff_dict.get("first_location", "")),
str(logon_diff_dict.get("first_asn_number", "")),
first_asn_name,
str(logon_diff_dict.get("first_client", "")),
str(logon_diff_dict.get("first_hostname", "")),
str(logon_diff_dict.get("first_streak", "")),
str(logon_diff_dict.get("second_time", "")),
str(logon_diff_dict.get("second_ip", "")),
str(logon_diff_dict.get("second_ip_dch_company", "")),
str(logon_diff_dict.get("second_country", "")),
str(logon_diff_dict.get("second_subdivision", "")),
str(logon_diff_dict.get("second_location", "")),
str(logon_diff_dict.get("second_asn_number", "")),
second_asn_name,
str(logon_diff_dict.get("second_client", "")),
str(logon_diff_dict.get("second_hostname", "")),
str(logon_diff_dict.get("location_miles_diff", "")),
str(logon_diff_dict.get("time_seconds_diff", "")),
str(logon_diff_dict.get("miles_per_hour", ""))])
FR: make an option to exclude mobile networks
If you have a sim card with global data plan, your location may appear weird as your connections would always be routed via home network APN.
is there a limitation for the lines ?
hello guys
I tried the script with CSV log file contains 14606 lines
I got the following error
Traceback (most recent call last):
File "./GeoLogonalyzer.py", line 980, in
main(args)
File "./GeoLogonalyzer.py", line 662, in main
time, ip_string, user, hostname, client = get_csv_details(line)
File "./GeoLogonalyzer.py", line 301, in get_csv_details
ip_string = line_list[2].strip()
are you aware about any limitation ?
Request
So I have few thoughts —ip-only does it need followed by anything? Can you add some stats like total logons and unique login counts?
And last another useful option might me —user-stats, where you give counts of logons per user for and IP address and longest steaks.
You can close this out I just wanted to suggest this if you thought it would be useful and easy to do.
Thank you!
Bundle ASNs for ISPs together for ASN check
Bundle ASNs of common ISP providers together (i.e. put all AT&T ASNs into one AT&T bucket) so that if a logon session switches between two ASNs owned by the same ISP it's not treated as an anomalous change. I think this is pretty safe (at least for US based ISPs) and would greatly cut down on noise.
Virus Total / Hybrid Analysis Result
Support IP2Location LITE
This is an interesting project. Do you plan to support alternative geolocation database which has more information such as ZIP code etc.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.