1. /sin’fɒnjə/
Security Intelligence

2. Army Knowledge Online (www.us.army.mil) FM 2-0 INTELLIGENCE
/sin’fɒnjə/

3. /sin’fɒnjə/
The Intelligence Cycle
Direction
http://www.cni.es/es/queescni/ciclo/
Collection
Analysis
Dissemination

4. /sin’fɒnjə/
This is NOT OSINTThis is Copy & Paste
http://tinyurl.com/pavtula
http://tinyurl.com/npegzok
http://tinyurl.com/q2ag2b9
February 26, 2014

5. What is Intelligence?
Quite simply, intelligence is the information our
nation’s leaders need to keep our country safe.
Our leaders, like the President, make policy
decisions based on this intelligence.
/sin’fɒnjə/
Intelligence (Kids’ Zone)
https://www.cia.gov/kids-page/6-12th-grade/who-we-are-what-we-do/what-is-intelligence.html

6. • The generation of knowledge in support of
decision makers
Troubleshooting
Anticipation
• Intelligence is people (but not all people are
intelligent):
– Methodologies
– Tools
– Techniques
/sin’fɒnjə/
Intelligence

7. sheer volumen of information
volatile
time saving
gather
structure enrich
classify
store
realtime
analyze
/sin’fɒnjə/
Tools are Essential
integrate

8. /sin’fɒnjə/
Storm Builder for Security Intelligence

9. /sin’fɒnjə/
Storm
“Apache Storm is a free and open source distributed realtime computation system.
Storm makes it easy to reliably process unbounded streams of data,
doing for realtime processing what Hadoop did for batch processing.
Storm is simple, can be used with any programming language,
and is a lot of fun to use! “
http://storm.incubator.apache.org/

10. /sin’fɒnjə/
Visual Programming
http://blog.interfacevision.com/design/design-visual-progarmming-languages-snapshots/

11. /sin’fɒnjə/
Module: Types
SPOUT BOLT DRAIN

12. /sin’fɒnjə/
Module: Types
SPOUT
“A spout is a source of streams in a
computation. Typically a spout reads from a
queueing broker such as Kestrel, RabbitMQ, or
Kafka, but a spout can also generate its own
stream or read from somewhere like the Twitter
streaming API. Spout implementations already
exist for most queueing systems.”

13. /sin’fɒnjə/
Module: Types
BOLT
“A bolt processes any number of input streams
and produces any number of new output
streams. Most of the logic of a computation goes
into bolts, such as functions, filters, streaming
joins, streaming aggregations, talking to
databases, and so on.”

14. /sin’fɒnjə/
Module: Types
DRAIN
?

15. /sin’fɒnjə/
Define a Module
Load to Storm
Use in a Topology
Upload your Code
Share on
Sinfonier
Module: Life Cycle

16. /sin’fɒnjə/
Make a Topology
Run on Storm
Check Dashboard
Show results
Topology

17. cat /var/log/named/query.log | grep "IN A" | awk '{ print $6 }'
| awk -F"#" '{print $1}' |sort -n | uniq -c | sort -rn | head |
awk '{ printf $1",";system("curl -s http://freegeoip.net/csv/"$2
| cut –d”,” –f3 )}’
curl --retry 3 --insecure -s https://www.rootedcon.es/ | grep -E
'href="http://.*rootedcon.es'| awk -F"href="" '{print $2}' |
sed 's|".*||g' | xargs curl -s -o /dev/null --write-out
"%{http_code}:%{size_download}n"| awk -F":" '{ if ( $1 ==
"200") { print "RSS size: " $2} }'
crontab -l
# m h dom mon dow command
@reboot /usr/bin/python /home/charlie/.ave_phoenix.py
30 7,15,23 * * * /home/charlie/vigila/gauchap.sh –tweet fotos
2>&1 >/dev/null
/sin’fɒnjə/
Shell Scripting

18. /sin’fɒnjə/
Demo & Use cases

19. /sin’fɒnjə/
TweetMon

20. /sin’fɒnjə/
TorrentPeer

21. /sin’fɒnjə/
Crawler

22. /sin’fɒnjə/
Roadmap
Fun & Profit
Community

23. /sin’fɒnjə/
We Want You

24. /sin’fɒnjə/
Become a Beta Tester
http://sinfonier-project.net/
http://tinyurl.com/sinfonier