— Denis Makrushin (@difezza) September 5, 2016
The data obtained by Honeypot sensors requires manual analysis and interpretation, and in most cases it cannot be used by automated tools to identify the threat in other segments of the network. It is necessary to create and demonstrate a set of data that is obtained automatically and can be used as indicators of compromise (IoCs). The use of this data by other automated tools should not lead to false positives.
Honeypot systems are currently used not only by researchers trying to find new types of threats but also by organizations to protect their corporate networks. However, the data received from Honeypot sensors needs to be analyzed manually and then interpreted by an analyst, a process that seriously complicates the practical use of Honeypots in an enterprise’s security infrastructure. Moreover, in order to identify a threat detected by a Honeypot in other segments of the corporate network, incident investigation procedures are required. As part of this project, you will be asked to solve the practical problem of processing the data collected by Honeypot sensors as indicators of compromise in order to check the other sections of the corporate network outside the Honeypot.
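One way to approach the task described above, as an added example that is not part of the original post or the Talent Lab project: it turns raw Honeypot events into IoCs without an analyst in the loop and limits false positives with allowlists and a requirement that several sensors corroborate an indicator. The event format, sensor names, allowlists and threshold are assumptions, and all sample data is constructed.

```python
import hashlib
import ipaddress
import json
from collections import defaultdict

# Constructed sample data in a hypothetical JSON-lines format (not a real sensor schema).
BENIGN_TOOL = hashlib.sha256(b"constructed benign admin tool").hexdigest()
DROPPER = hashlib.sha256(b"constructed malicious dropper").hexdigest()
EVENTS = [
    {"sensor": "hp-dmz-1", "src_ip": "203.0.113.7", "sha256": DROPPER},
    {"sensor": "hp-lan-2", "src_ip": "203.0.113.7", "sha256": DROPPER},
    {"sensor": "hp-dmz-1", "src_ip": "198.51.100.23"},  # one sensor only
    {"sensor": "hp-lan-2", "src_ip": "10.0.5.14", "sha256": BENIGN_TOOL},
    {"sensor": "hp-dmz-1", "src_ip": "10.0.5.14", "sha256": BENIGN_TOOL},
]
RAW_EVENTS = "\n".join(json.dumps(e) for e in EVENTS) + "\nnot-json garbage\n"

# Assumed allowlists: internal address ranges and known-good file hashes.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
KNOWN_GOOD_HASHES = {BENIGN_TOOL}


def generate_iocs(raw, min_sensors=2):
    """Return IoCs observed by at least `min_sensors` distinct sensors."""
    seen = defaultdict(set)  # (type, value) -> sensors that observed it
    for line in raw.splitlines():
        try:
            event = json.loads(line)
            sensor = str(event["sensor"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed records rather than emit bad indicators
        try:
            addr = ipaddress.ip_address(str(event.get("src_ip")))
        except ValueError:
            addr = None
        if addr is not None and not any(addr in net for net in TRUSTED_NETS):
            seen[("ip", str(addr))].add(sensor)
        digest = str(event.get("sha256", "")).lower()
        if len(digest) == 64 and digest not in KNOWN_GOOD_HASHES:
            seen[("sha256", digest)].add(sensor)
    return [
        {"type": kind, "value": value, "sensors": sorted(sensors)}
        for (kind, value), sensors in sorted(seen.items())
        if len(sensors) >= min_sensors
    ]


if __name__ == "__main__":
    for ioc in generate_iocs(RAW_EVENTS):
        print(json.dumps(ioc))
```

The resulting list can be exported to whatever format the consuming tool expects; the corroboration threshold trades coverage for a lower false-positive rate.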
More information is available on the official Talent Lab website: https://academy.kaspersky.com/talentlab/automated-system-for-generating-indicators-of-compromise-iocs-based-on-honeypot-raw-data/