
MAD (MAlicious Traffic Dataset) in home and commercial environments - Internal environment

NIAID Data Ecosystem, indexed 2026-03-12
Download link:
https://zenodo.org/record/5111111
Resource description:
In this environment we have: 01 Wifi Router, 01 Smartphone, 01 server and 01 desktop with virtual machines. This environment, called Internal, is a local network.

One of the servers has the Security and Performance Monitoring Environment installed. In addition, 05 virtual machines were instantiated via QEMU on the same network. On this server, one network card provides connectivity to the environment and the other network card receives all network traffic for analysis by the Monitoring Environment. Traffic is delivered to Suricata by Ettercap. The desktop has two virtual machines instantiated via Oracle VirtualBox on the same network, and it also acts on the network as a client.

The results were obtained from Suricata and from Telegraf collections from the TICK stack. All evidence was obtained through queries via EveBox, which received data from Suricata, Grafana or graphics with information extracted from the InfluxDB (Grafana) and PostgreSQL (EveBox) databases.

events.csv.gz - Suricata / Evebox collections
net.csv.gz - Telegraf collections from the TICK stack
netstat.csv.gz - Telegraf collections from the TICK stack

For correlation purposes, use the events.csv.gz file as a basis. The correlation key is the 'timestamp' column in events.csv.gz, matched with the 'time' column in the net.csv.gz and netstat.csv.gz files.

The collections, which were non-consecutive, span from 2018-06-06 to 2019-01-31.
Created:
2021-07-19