Report Open Access

Shadowserver reports automated tool

Janevski, Viktor; Lopienski, Sebastian; Lueders, Stefan

Citation Style Language JSON Export

  "publisher": "Zenodo", 
  "DOI": "10.5281/zenodo.61229", 
  "title": "Shadowserver reports automated tool", 
  "issued": {
    "date-parts": [
  "abstract": "<p>Project Specification</p>\n\n<p>Every day, CERN receives mail notifications from Shadowserver, which include results of network scans for specific vulnerabilities of various types1 for autonomous system number (ASN) 513, which is under the control of CERN.</p>\n\n<p>Checking these e-mail reports manually is time-consuming and not scalable. Instead, the CERN Computer Security Team prefers some kind of a tool for:</p>\n\n<p>\uf0b7 extracting data from e-mails ( attachments or embedded links to CSV files);</p>\n\n<p>\uf0b7 confirming reports by running additional scans from inside the network;</p>\n\n<p>\uf0b7 handling repeated reports for the same device;</p>\n\n<p>\uf0b7 dealing with known false positives / whitelisting;</p>\n\n<p>\uf0b7 filtering out non-CERN hosts;</p>\n\n<p>\uf0b7 sending Security Event Management System (SEMS) notifications;</p>\n\n<p>\uf0b7 etc.</p>\n\n<p>Abstract</p>\n\n<p>The Shadowserver Foundation is offering a completely free-of-charge alerting and reporting service designed for ISPs, enterprises, hosting providers and other organizations that own or control a particular network space. The variety of reports provided to organizations serve as intelligence and assist in the process of locating and mitigating the security issues which occur inside their network. Being subscribed to this scanning and reporting service, CERN receives daily summaries of the security issues that happened during the past day.</p>\n\n<p>Analysing and handling all the reported issues manually is a time-consuming, tedious and repetitive job, because it would require a particular person from the Computer Security Team to go through a series of steps every day. In addition, the manual approach is not scalable and tends to be error-prone, which might lead to important things being missed.</p>\n\n<p>The main goal of this project is to create an automated tool that would be capable of extracting the relevant data from the received reports. However, it should not simply store the information in a database, but somehow notify the device owners that their devices were involved in a particular security issue. Also, it should be able to keep track of who was notified about what and when, in order to avoid sending multiple messages to a person about the same problem in a short period of time.</p>\n\n<p>The output of the tool is a detailed report which provides an overview of the security vulnerabilities that occurred inside CERN&#39;s network during the last 24 hours, as well as a command line tool for whitelisting and managing already whitelisted devices.</p>", 
  "author": [
      "given": "Viktor", 
      "family": "Janevski"
      "given": "Sebastian", 
      "family": "Lopienski"
      "given": "Stefan", 
      "family": "Lueders"
  "type": "article", 
  "id": "61229"
All versions This version
Views 104104
Downloads 345344
Data volume 379.9 MB378.8 MB
Unique views 9595
Unique downloads 303302


Cite as