Visualizing Project Artillery and Attackers

Project Artillery is an open-source blue team tool that combines threat intelligence, active honeypots, file integrity, and many other features to detect the early stages of an attack and attempt to prevent the attacker from going on to attack other systems. One newer feature of Project Artillery is ATIF, the Artillery Threat Intelligence Feed. The feed collects attacker IP addresses from multiple Artillery servers into one central location.

With Artillery you have the ability to detect offending IP addresses or block them completely before they attack you (at least in theory). Most recently, a great blog post from Invisible Threat shows a daily map of attackers from the Artillery threat feed. This visualization takes all of the offending IP addresses and maps each one geographically to a country.

[Image: threat map]

I’ve gone ahead and added this to the Artillery main page with the dynamic map here. You can see daily updates (once a day) to the attackers from ATIF and use the data however you like. Thanks to Invisible Threat for all the work on this. Super awesome addition!

David Kennedy
