"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code

We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.

If you're serious about implementing protocols correctly, you need the Codenomicon tools."

-- Jeremy Allison,
   Co-Creator of Samba


"But incident coordination is not an easy task, as you must keep track of many details and at the same time keep control over who has access to what information. Two tools that exist that are designed to help teams with incident coordination are AbuseHelper and Palantir. [...] The two previously mentioned frameworks could be seen as starting points from which teams can build their competency."

Damir Rajnovic
in the article Who's Performing Computer Incident Coordination?


Codenomicon AbuseHelper



Overview

Today, incident coordination is not an easy task. You must keep track of many details and at the same time keep control over who has access to what information. Heaps of data flow in from various sources, making it difficult to find out what is relevant and what is not. AbuseHelper is a tool designed to help with incident coordination.

AbuseHelper is a framework for collecting and sharing intelligence on suspected malicious activity. Monitoring abuse feeds gives you a near real-time capability to observe and react to internal and external threats that affect you and your customers. AbuseHelper produces actionable reports and overall situation awareness on Internet abuse.

Features and Benefits

AbuseHelper is a modular, scalable and robust machine that helps you with your abuse handling. Get the information you need, when you need it, in a clear format.

  • Saves time and effort: automate mundane tasks, such as abuse and incident data collection and reporting.
  • Fully modular: use different readers, parsers, transports, splitters, and combiners in a pipe-like manner.
  • Botnet-like structure: collects information from several feed sources.
  • Support for several different formats.
  • Bots are independent from each other: there are no complex configurations.
  • Scalable: distribute the work to different machines and different locations.
  • Robust: one bot failing does not mean the whole engine stops working.
  • Transparent architecture: operations monitoring is simple at all levels.
  • Enable mutual sharing: benefit from the know-how of other similar actors, share yours to benefit them.

As the maintainer and main developer of AbuseHelper, we offer you the following commercial turn-key services:

  • AbuseHelper Deployment: If you want to run AbuseHelper on your own system, we can help you set up the basic infrastructure and configuration tailored for the abuse & incident handling flow of your organization. We also provide post-deployment support.
  • Tailored AbuseHelper Modules: Sometimes you need data from a source, be it public or private, that AbuseHelper does not yet support. You may also need a report in a way which is beyond AbuseHelper's current capabilities. We can help you. As the leading AbuseHelper contributor, we have the know-how to create AbuseHelper modules which play well with the rest of the world. We will also help you set up and launch the new module(s).

We also offer commercial training, consultation and other AbuseHelper-related assistance upon request.

Screenshots and Videos

With AbuseHelper you can build a capability to collect abuse feeds, process them, send out reports, gain situational awareness on abuse activity and receive alerts/recordings for the abuse activity directly related to you. In this video you can see how AbuseHelper can accomplish this together with other Codenomicon Situation Awareness products: