Cyber Research Center Data Sets

The National Security Agency permitted both the recording and release of the following datasets.

To give users of our dataset a means to correlate IP addresses found in the PCAP files with the IP addresses of hosts on the internal USMA network, we are including a PDF file of the planning document used just prior to the execution of CDX 2009 (NOTE: USMA utilized network address translation). Keep in mind this was a planning document. Changes may have occurred to the USMA network that were not annotated on this document.

CDX_2009_Network_USMA PDF

Data Capture from National Security Agency (NSA)
https://drive.google.com/open?id=0B0u9Tg7udaAXaUFHRFpQWjR0dW8

** Note - The exercise directive had the service academies change the clocks forward to Nov-08 2011 on the first day of the exercise. All timestamps in the log files reflect the date change. The actual time on the clocks remained the same.

Snort Intrusion Detection Log: from 0700-Nov-08 to 1600-Nov-11 (Entire Exercise)
Snort IDS Alert Log (10.8 MB) MD5: 54d005c1a4ac393df9a4c2eed78f0c24

Domain Name Service Logs: from 0700-Nov-08 to 1600-Nov-11 (Entire Exercise)
External DNS named Service Log (6.33 MB) MD5: b9814bf9e1a5672688bc745fe1d4be23
External DNS Message Log (80.8 KB) MD5: 8cf9294169c057c798b8f62132b22801

Web Server Logs: 24-Hour Logs from 1600-Nov-10 to 1600-Nov-11 (Final Day of Exercise)
Apache Web Server Access Log (860 KB) MD5: 769559e08e188a23889fb7fcbf9995ea
Apache Web Server Error Log (104 KB) MD5: 3efa89b4dd16f3c9c64977acf342d913

Our personal favorite:
Nov 11 09:36:55 www logger: 10.2.27.218 - -[11/Nov/2011:09:36:55 -0500] "GET /redteamsayshiplzblockmeagainandagainandagainandagain HTTP/1.0" 302 261

Log Server Aggregate Log: from 0700-Nov-11 to 1600-Nov-11 (Final Day of Exercise)
Splunk Log Server Aggregate Log (109 KB) MD5: 54d005c1a4ac393df9a4c2eed78f0c24