The other day I played a bit with the Open Source Graph database Neo4j (for no reason, just to learn something new), and the usual "what if…" came to my mind and I started to code. The result is a Neo4j ABAP Connector called Neo4a, available under Apache License 2.0 on Github: Neo4a

The whole project is coded under Netweaver ABAP Stack 7.40 SP8. It will not work on lower releases and will not be downported (sorry).

Installing and running Neo4j (example for Linux)

In my case I've created a new virtual Linux machine (CentOS) under VMware to separate the database from my SAP server, but it should also work if you install Neo4j on the same server (don't do this in production). Just download the tar (choose your OS: ), extract into a folder of your choice, call './bin/neo4j start' and you are done.

You need the most current ABAP JSON Document class (zJSON Version 2.28, available on Github ). Install the zJSON and Neo4a nuggets via SAPlink and activate the sources. It may be a good idea to move the classes into a new development package, but this is not required.

The following examples are taken from the Neo4j tutorial and are "translated" into ABAP.

(side note: if you screwed up and want to start all over again, just stop Neo4j with './bin/neo4j stop' and delete the content of the 'data' folder with 'rm -rf data/*'. An empty database will be recreated automatically if you start the database again)

DATA(neo4a) = NEW zcl_neo4a( '192.168.38.52' ).
DATA(actor) = VALUE ty_actor( name = 'Tom Hanks' ).
DATA(movie) = VALUE ty_movie( title = 'Sleepless IN Seattle' ).
DATA(node_actor) = neo4a->get_node( 1 ).

Create a relationship between the two nodes

DATA(node_movie) = neo4a->create_node(
DATA(node_actor) = neo4a->create_node(
DATA(node_movie) = neo4a->get_node( 2 ).
(Edit Jan 24, 2015: added Transaction handling and side note (this is the last update here, all further tutorial versions you'll find here.)

Open source intelligence is a powerful tool for cybersecurity analysts to gather information both for analysis of discovered vulnerabilities and for detecting novel cybersecurity threats and exploits. However, the scale of information that is relevant for information security on the internet is always increasing, and is intractable for analysts to parse comprehensively. Therefore, methods of condensing the available open source intelligence, and automatically developing connections between disparate sources of information, are incredibly valuable. In this research, we present a system which constructs a Neo4j graph database formed by shared connections between open source intelligence text including blogs, cybersecurity bulletins, news sites, antivirus scans, social media posts (e.g., Reddit and Twitter), and threat reports. These connections are comprised of possible indicators of compromise (e.g., IP addresses, domains, hashes, email addresses, phone numbers), information on known exploits and techniques (e.g., CVEs and MITRE ATT&CK Technique IDs), and potential sources of information on cybersecurity exploits such as Twitter usernames. The construction of the database of potential IoCs is detailed, including the addition of machine learning and metadata which can be used for filtering of the data for a specific domain (for example a specific natural language) when needed. Examples of utilizing the graph database for querying connections between known malicious IoCs and open source intelligence documents, including threat reports, are shown. We show that this type of relationship querying can allow for more effective use of open source intelligence for threat hunting, malware family clustering, and vulnerability analysis.