CARMEN, Centre of Log Analysis and Mining of Events, is a tool developed by the National Cryptologic Centre and the company S2Grupo to identify compromises by advanced persistent threats (APTs), and is the first such tool based on Spanish technology and know-how.

CARMEN is a tool that collects, processes and analyzes information to generate intelligence, mainly from network traffic. It is made up of agents that collect traffic flows (collection elements), a database engine into which the information is inserted, and a web application that represents and queries the collected information so that analysts can work on it and make decisions based on the results the tool provides.

The data sources which CARMEN is able to work with are listed below:

· Proxy logs

· Passive HTTP

· Passive DNS

· Passive SMTP

· Monitoring and storage of IPC data

CARMEN allows predefined rules to be applied to every data source to detect misuse and, in particular, to detect significant anomalies (statistical, text-string, time-series and knowledge-based) that may indicate that the organization has been compromised, and to define and integrate know-how in the tool, ranging from IOCs to the conditions that define an anomaly.

CARMEN is designed to identify the external movement (command-and-control (C&C) servers and exfiltration servers) and the lateral movement of an advanced persistent threat. The collection and analysis capabilities of the tool cover the main external communication channels of these threats (web browsing, DNS queries and email) and several mechanisms of internal communication within the compromised network.
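As an added illustration (not code from CARMEN, CCN-CERT or S2Grupo), the Python sketch below runs two of the rule types described above, an IOC match and a time-series anomaly for machine-regular outbound requests, over constructed proxy log lines; the log format, the IOC list and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines (timestamp client host status); not real traffic.
PROXY_LOG = """\
2024-03-01T09:00:00 10.0.0.5 update.example-cdn.test 200
2024-03-01T09:05:00 10.0.0.5 update.example-cdn.test 200
2024-03-01T09:10:00 10.0.0.5 update.example-cdn.test 200
2024-03-01T09:15:00 10.0.0.5 update.example-cdn.test 200
2024-03-01T09:20:00 10.0.0.5 update.example-cdn.test 200
2024-03-01T09:01:13 10.0.0.7 news.example.test 200
2024-03-01T09:17:02 10.0.0.7 news.example.test 200
2024-03-01T09:23:40 10.0.0.7 news.example.test 200
2024-03-01T10:30:09 10.0.0.7 news.example.test 200
2024-03-01T09:30:00 10.0.0.9 bad-c2.example.test 200
"""

IOC_DOMAINS = {"bad-c2.example.test"}  # constructed, hypothetical indicator


def parse(log):
    """Group request timestamps by (client, host); malformed lines are skipped."""
    series = defaultdict(list)
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        ts, client, host, _status = fields
        series[(client, host)].append(datetime.fromisoformat(ts))
    return series


def beacon_score(times):
    """Coefficient of variation of inter-request gaps: near 0 means machine-like regularity."""
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 3 or mean(gaps) == 0:
        return None  # too few samples to judge periodicity
    return pstdev(gaps) / mean(gaps)


def analyze(log, iocs=IOC_DOMAINS, min_hits=4, max_cv=0.1):
    """Return (client, host, reason) alerts from IOC matches and temporal anomalies."""
    alerts = []
    for (client, host), times in parse(log).items():
        if host in iocs:
            alerts.append((client, host, "ioc-match"))
        cv = beacon_score(times)
        if cv is not None and len(times) >= min_hits and cv <= max_cv:
            alerts.append((client, host, "periodic-beacon"))
    return alerts
```

The irregular browsing of 10.0.0.7 produces no alert, while the fixed five-minute cadence of 10.0.0.5 is flagged even though its destination is on no indicator list.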

In addition to the persistence stage, CARMEN provides capabilities to detect the threat at the intrusion stage: mainly anomaly conditions that detect common entry mechanisms, such as watering holes or exploit kits, and the deployment and integration of sandboxing capabilities to detect spear phishing.
