Arp Cache Discovery
Metadata
Author | Roberto Rodriguez @Cyb3rWard0g |
Creation Date | 2020/11/10 |
Modification Date | 2020/11/10 |
Tactics | ['TA0007'] |
Techniques | ['T1018'] |
Tags | None |
Dataset Description
This dataset represents a threat actor using the arp command to list the contents of the ARP cache.
Datasets Downloads
Dataset Type | Link |
---|---|
Host | |
Adversary View
wardog@UBUNTU5:~$ arp -a | grep -v '^?'
_gateway (192.168.2.1) at 12:34:56:78:9a:bc [ether] on eth0
Explore Mordor Dataset
Initialize Analytics Engine
from openhunt.mordorutils import *
spark = get_spark()
Download & Process Mordor File
mordor_file = "https://raw.githubusercontent.com/OTRF/mordor/master/datasets/small/linux/discovery/host/sh_arp_cache.zip"
registerMordorSQLTable(spark, mordor_file, "mordorTable")
Get to know your data
df = spark.sql(
'''
SELECT *
FROM mordorTable
'''
)
df.show(1, vertical=True)
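Detection logic for the command in the Adversary View, as an added example that is not part of the original notebook or the Mordor project: it parses auditd EXECVE records and flags executions of arp that display the cache rather than modify it. The records are constructed, and auditd as the telemetry source is an assumption, since the page does not show the dataset's schema; the function names are hypothetical.

```python
import re

# Constructed auditd EXECVE records (assumed telemetry; not taken from the dataset).
SAMPLE_RECORDS = [
    'type=EXECVE msg=audit(1605000000.101:411): argc=2 a0="arp" a1="-a"',
    'type=EXECVE msg=audit(1605000000.102:412): argc=3 a0="grep" a1="-v" a2="^?"',
    'type=EXECVE msg=audit(1605000001.200:413): argc=2 a0="/usr/sbin/arp" a1="-n"',
    'type=EXECVE msg=audit(1605000002.300:414): argc=4 a0="arp" a1="-s" '
    'a2="192.168.2.50" a3="12:34:56:78:9a:bd"',
    'type=EXECVE msg=audit(1605000003.400:415): argc=2 a0="ls" a1="-la"',
    'type=EXECVE msg=audit(1605000004.500:416): argc=1 a0="arp"',
]

ID_RE = re.compile(r"msg=audit\(([\d.]+):(\d+)\)")
ARG_RE = re.compile(r'\ba(\d+)=(?:"([^"]*)"|([0-9A-Fa-f]+))')
# arp flags that change the cache instead of displaying it.
MODIFY_FLAGS = {"-s", "-d", "-f", "--set", "--delete", "--file"}


def parse_execve(record):
    """Return (timestamp, serial, argv) for an EXECVE record, else None."""
    ident = ID_RE.search(record)
    if not record.startswith("type=EXECVE") or ident is None:
        return None
    args = {}
    for idx, quoted, hexed in ARG_RE.findall(record):
        # auditd writes arguments with spaces or control bytes as bare hex.
        args[int(idx)] = bytes.fromhex(hexed).decode("utf-8", "replace") if hexed else quoted
    return float(ident.group(1)), int(ident.group(2)), [args[i] for i in sorted(args)]


def is_arp_cache_listing(argv):
    """True when argv runs arp without a cache-modifying flag."""
    if not argv or argv[0].rsplit("/", 1)[-1] != "arp":
        return False
    return not any(arg in MODIFY_FLAGS for arg in argv[1:])


def detect(records):
    """Return one hit per EXECVE record that lists the ARP cache."""
    hits = []
    for record in records:
        parsed = parse_execve(record)
        if parsed and is_arp_cache_listing(parsed[2]):
            hits.append({"serial": parsed[1], "command": " ".join(parsed[2])})
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_RECORDS):
        print(hit)
```

Matching on the basename of `a0` catches both `arp` and `/usr/sbin/arp`; the `-s` record is excluded because it writes a static entry instead of reading the cache.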