Giacomo Lanzi
Hadoop Open Data Model: “open” data collection
Estimated reading time: 5 minutes
With the advent of big data platforms, IT security companies can now make guided decisions on how to protect their assets. By recording network traffic and network flows, it is possible to get an idea of the channels on which company information flows. To facilitate the integration of data between the various applications and to develop new analytical functionalities, we the Apache Open Data Model meets.
The common Open Data Model for networks, endpoints and users has several advantages. For example, easier integration between various security applications, but companies are also made it easier to share analytics in case new threats are detected.
Hadoop offers adequate tools to manage a Security Data Lake (SDL) and big data analysis. It can also detect events that are usually difficult to identify, such as lateral movement , data leaks, internal problems or stealth behavior in general. Thanks to the technologies behind the SDL it is possible to collect the data of the SIEM to be able to exploit them through SOCaaS since, being a free Open Data Model, the logs are stored in such a way that they can be used by anyone.
What is Hadoop Open Data Model
Apache Hadoop is free and open source software that helps companies gain insight into their network environments. The analysis of the collected data leads to the identification of potential security threats or any attacks that take place between the resources in the cloud.
While traditional Cyber Threat Intelligence tools help identify threats and attacks in general, an Open Data Model provides a tool that allow companies to detect suspicious connections using flow and packet analysis.
H adoop Open Data Model combines all security-related data (events, users, networks, etc.) into a single visual area that can be used to identify threats effectively. It is You can also use them to create new analytical models. In fact, an Open Data Model allows the sharing and reuse of threat detection models.
An Open Data Model also provides a common taxonomy to describe the security telemetry data used to detect threats. Using data structures and schemas in the Hadoop platform it is possible to collect, store and analyze security-related data.
Open Data Model Hadoop, the advantages for companies
- – Archive a copy of the data security telemetry
- – Leverage out-of-the-box analytics to detect threats targeting DNS, Flow and Proxy
- – Build custom analytics based on your needs
- – Allows third parties to interact with ‘Open Data Model
- – Share and reuse models of threat detection, algorithms, visualizations and analysis from the community Apache Spot .
- – Leverage security telemetry data to better detect threats
- – Using security logs
- – Obtain data from users , endpoints and network entities
- – Obtain threat intelligence data
Open Data Model: types of data collected
To provide a complete security picture and to effectively analyze cyber threat data, you need to collect and analyze all logs and alerts regarding security events and contextual data related to the entities you are dealing with referenced in these logs . The most common entities include the network, users and endpoints, but there are actually many more, such as files and certificates.
Due to the need to collect and analyze security alerts, logs and contextual data, the following types of data are included in the Open Data Model.
Security Event Alerts in Open Data Model
These are event logs from common data sources used to identify threats and better understand network flows. For example operating system logs, IPS logs, firewall logs, proxy logs, web and many more.
Network context data
These include network information that is accessible to anyone from the Whois directory, as well as resource databases and other similar data sources.
User context data
This type of data includes all information relating to the management of users and their identity. Also included are Active Directory, Centrify and other similar systems.
Endpoint context data
Includes all information about endpoint systems (server, router, switch). They can come from asset management systems, vulnerability scanners and detection systems.
Contextual threat data
This data contains contextual information on URLs, domains, websites, files and much more, always related to known threats.
Contextual data on vulnerabilities
This data includes information on vulnerabilities and vulnerability management systems.
Articles from the RoadMap
This is file context data, certificates, naming convention.
Name of attributes
A naming convention is required for an Open Data Model in order to represent attributes between the vendor’s products and technologies. The naming convention consists of prefixes (net, http, src, dst, etc) and common attribute names (ip4, usarname, etc).
It is still a good idea to use multiple prefixes in combination with one attribute.
Conclusions
We have seen what the Hadoop Open Data Model is and how it can be used thanks to its ability to filter traffic and highlight potential cyber attacks by listing suspicious flows, threats to users, threats to endpoints and major network threats.
If you have any doubts or would like further clarification, do not hesitate to contact us by pressing the button below, we will be happy to answer any question.
Useful links:
Share
RSS
More Articles…
- From Secure Online Desktop to Cyberfero: rebranding of the leading cybersecurity company
- NIS: what it is and how it protects cybersecurity
- Advanced persistent threats (APTs): what they are and how to defend yourself
- Penetration Testing and MFA: A Dual Strategy to Maximize Security
- Penetration Testing: Where to Strike to Protect Your IT Network
- Ransomware: a plague that brings companies and institutions to their knees. Should you pay the ransom? Here is the answer.
- Why IT audit and log management are important for Cybersecurity
- Red Team, Blue Team and Purple Team: what are the differences?
Categories …
- Backup as a Service (18)
- Acronis Cloud Backup (11)
- Veeam Cloud Connect (4)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (22)
- Conferenza Cloud (4)
- Cyberfero (15)
- ICT Monitoring (5)
- Log Management (2)
- News (25)
- ownCloud (4)
- Privacy (7)
- Security (203)
- Cyber Threat Intelligence (CTI) (8)
- Deception (4)
- Ethical Phishing (11)
- Netwrix Auditor (2)
- Penetration Test (11)
- Posture Guard (3)
- SOCaaS (65)
- Vulnerabilities (84)
- Web Hosting (15)
Tags
Unknown Feed
Full Disclosure
- Multi-Protocol Traceroute August 19, 2025Posted by Usman Saeed via Fulldisclosure on Aug 18#!/usr/bin/env python3 """ Adaptive Multi-Protocol Traceroute Author: Usman Saeed email: u () defzero net Website: www.defzero.net Description: This script is a TTL-based path mapper that reveals routes even when classic traceroute is filtered. The idea was that it would run in passes: first a conventional trace (ICMP […]
- SEC Consult SA-20250728-0 :: Stored Cross-Site-Scripting in Optimizely Episerver CMS August 19, 2025Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Aug 18Confidentiality class: Internal & Partner SEC Consult Vulnerability Lab Security Advisory < publishing date 20250728-0 > ======================================================================= title: Multiple Stored Cross-Site Scripting Vulnerabilities product: Optimizely Episerver Content Management System (EPiServer.CMS.Core) vulnerable version: Version 11.X:
- SEC Consult SA-20250807-0 :: Race Condition in Shopware Voucher Submission August 19, 2025Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Aug 18Confidentiality class: Internal & Partner SEC Consult Vulnerability Lab Security Advisory < publishing date 20250807-0 > ======================================================================= title: Race Condition in Shopware Voucher Submission product: Shopware 6 vulnerable version: v6.6.10.4 fixed version: No fixed version available yet CVE number: CVE-2025-7954 impact: medium...
- Insufficient Resource Allocation Limits in nopCommerce v4.10 and v4.80.3 Excel Import Functionality August 19, 2025Posted by Ron E on Aug 18nopCommerce is vulnerable to Insufficient Resource Allocation Limits when handling large Excel file imports. Although the application provides a warning message recommending that users avoid importing more than 500–1,000 records at once due to memory constraints, the system does not enforce hard limits on file size, record count, or […]
- CSV Injection in nopcommerce v4.10 and 4.80.3 August 19, 2025Posted by Ron E on Aug 18nopCommerce versions v4.10 and v4.80.3 are vulnerable to *C*SV Injection (Formula Injection) when exporting data to CSV. The application does not properly sanitize user-supplied input before including it in CSV export files. An attacker can inject malicious spreadsheet formulas into fields that will later be exported (for example, order […]
- Insufficient Session Cookie Invalidation in nopCommerce v4.10 and 4.80.3 August 19, 2025Posted by Ron E on Aug 18nopCommerce v4.10 and 4.80.3 is vulnerable to Insufficient Invalidation of Session Cookies. The application does not properly invalidate or expire authentication cookies after logout or session termination. An attacker who obtains a valid session cookie (e.g., via network interception, XSS, or system compromise) can continue to use the cookie […]
- Session Fixation Vulnerability in iDempiere WebUI v 12.0.0.202508171158 August 19, 2025Posted by Ron E on Aug 18The application does not issue a new session identifier (JSESSIONID) after successful authentication. An attacker who can set or predict a victim’s session ID prior to login may hijack the victim’s authenticated session once they log in, resulting in full account takeover. POST /webui HTTP/2 Host: Cookie: JSESSIONID=node01***.node0;
- CSV Injection in iDempiere WebUI 12.0.0.202508171158 August 19, 2025Posted by Ron E on Aug 18A CSV Injection vulnerability exists in iDempiere WebUI v12.0.0.202508171158. The application fails to properly sanitize user-supplied input before including it in exported CSV files. An authenticated attacker can inject malicious spreadsheet formulas (e.g., =cmd|'/C notepad'!A1) into fields that are later exported. When the CSV is opened in spreadsheet software […]
- liblcf v0.8.1 liblcf/lcf2xml: Untrusted LCF data triggers uncaught std::length_error via negative vector resize (DoS) August 19, 2025Posted by Ron E on Aug 18lcf2xml (part of liblcf) aborts when parsing specially crafted RPG Maker 2000/2003 files that supply a negative element count for vectors of structured records. The generic reader: template void Struct::ReadLcf(std::vector& vec, LcfReader& stream) { int count = stream.ReadInt(); vec.resize(count); // huge size_t -> throws length_error for (int i = […]
- liblcf v0.8.1 Integer Overflow in liblcf `ReadInt()` Leads to Out-of-Bounds Reads and Denial of Service August 19, 2025Posted by Ron E on Aug 18A crafted RPG Maker save file (`.lsd`) can trigger an integer overflow in liblcf’s lcfstrings compressed integer decoding logic (`LcfReader::ReadInt()`), resulting in an unbounded shift and accumulation loop. The overflowed value is later used in buffer size allocations and structure parsing, causing large memory access requests and parsing errors. […]
Customers
Twitter FEED
Recent activity
-
SecureOnlineDesktop
Estimated reading time: 6 minutes L'impatto crescente delle minacce informatiche, su sistemi operativi privati op… https://t.co/FimxTS4o9G
-
SecureOnlineDesktop
Estimated reading time: 6 minutes The growing impact of cyber threats, on private or corporate operating systems… https://t.co/y6G6RYA9n1
-
SecureOnlineDesktop
Tempo di lettura stimato: 6 minuti Today we are talking about the CTI update of our services. Data security is… https://t.co/YAZkn7iFqa
-
SecureOnlineDesktop
Estimated reading time: 6 minutes Il tema della sicurezza delle informazioni è di grande attualità in questo peri… https://t.co/tfve5Kzr09
-
SecureOnlineDesktop
Estimated reading time: 6 minutes The issue of information security is very topical in this historical period ch… https://t.co/TP8gvdRcrF
Newsletter
{subscription_form_1}Products and Solutions
Partners
Cloud Models
News
- From Secure Online Desktop to Cyberfero: rebranding of the leading cybersecurity company May 6, 2024
- NIS: what it is and how it protects cybersecurity April 22, 2024
- Advanced persistent threats (APTs): what they are and how to defend yourself April 17, 2024
- Penetration Testing and MFA: A Dual Strategy to Maximize Security April 15, 2024
- Penetration Testing: Where to Strike to Protect Your IT Network March 25, 2024
Google Reviews
Ottima azienda, servizi molto utili, staff qualificato e competente. Raccomandata!read more
Ottimo supportoread more
E' un piacere poter collaborare con realtà di questo tiporead more
Un ottimo fornitore.
Io personalmente ho parlato con l' Ing. Venuti, valore aggiunto indubbiamente.read more
About
© 2024 Cyberfero s.r.l. All Rights Reserved. Sede Legale: via Statuto 3 - 42121 Reggio Emilia (RE) – PEC [email protected] Cod. fiscale e P.IVA 03058120357 – R.E.A. 356650 Informativa Privacy - Certificazioni ISO