I use argus for my daily tasks. As I mentioned, the argus client tools are easy to use but hard to master; sometimes working with them is trivial. However, I believe experience makes you wiser when dealing with complex tools. I really appreciate Hanashi's work on BIRT for sguil report generation. While Hanashi is working on sancp session data, I'm more focused on argus flow data. Here's a very short paper I have written on using the argus client tools (ragrep and radump) to perform botnet detection.
http://www.rawpacket.org/anonymous/argusR/Argus-PracticalBotNetDetection.pdf
The reason I don't want to post this in the blog is that it may look cluttered. I welcome any feedback and ideas about this short paper.
Enjoy ;]
1 comment:
When I try to read this, the PDF is full of empty boxes and no text.