Johannes Ullrich from SANS talking about the Internet Storm Center and how they do research. Internet Storm Center was created as a mix of manual reports submitted by security analysts during Y2K and automated firewall collection started by DShield.
The research shares how SANS used their "agile honeypots" to "zoom in" on events to more effectively collect data targeting specific vulnerabilities. Internet Storm Center has been noted on three separate attacks that were observed.
The research can be found here:

Jenkins Brute Force Scans

Scans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887)

Scans/Exploit Attempts for Atlassian Confluence RCE Vulnerability CVE-2023-22527


Learn more about your ad choices. Visit megaphone.fm/adchoices