TL;DR
This paper presents a system for collecting and storing SSH connection artifacts, providing a REST API similar to passive DNS and malware registries to aid cyber threat investigations and infrastructure monitoring.
Contribution
It introduces a novel system for storing SSH forensic artifacts with a REST API, enhancing incident response and threat intelligence capabilities.
Findings
The system enables efficient collection of SSH connection artifacts
The REST API facilitates integration with existing threat intelligence tools
The system supports incident investigations and infrastructure monitoring
Abstract
This paper describes a system for storing historical forensic artefacts collected from SSH connections. This system exposes a REST API in a similar fashion as passive DNS databases, malware hash registries, and SSL notaries with the goal of supporting incident investigations and monitoring of infrastructure.