What is this TIP stuff all about?
The Threat Intelligence Project (TIP) was created to collect information from Snort sensors around the globe.
Goals
The goal is to provide useful threat metrics from this data, including some subjective input (false positives as submitted by sensor operators).
Example Metrics:
- IP reputation
- Global Rule hit-count
- Rule accuracy
- Packet data (payload)
- Many more to come, please feel free to make suggestions/requests!
Currently we are developing the client/server components that will collect the data and submit it in a secure fashion. The initial release will allow the participant to obfuscate IP information (source or destination), payload information (your packets), neither, or both!