Home

NERD - Network Entity Reputation Database

NERD is a software and a service which acquires, stores and aggregates various data about known malicious network entities (mostly IP addresses) and provides them in a comprehensible way to users.

The software is quite a generic platform with modular architecture allowing to easily add modules for various data sources.

The main NERD instance, running at nerd.cesnet.cz, aims to gather as much information about malicious IP addresses as possible and provide them for free to the broad cyber security community.

NERD is developed and operated by CESNET.

This software was developed within the scope of the Security Research Programme of the Czech Republic 2015 - 2020 (BV III / 1 VS) granted by the Ministry of the Interior of the Czech Republic under the project No. VI20162019029 The Sharing and analysis of security events in the Czech Republic.

User Guide

See User Guide to learn how to use the web interface and what individual data elements mean.

There is also an API.

Overview (how it works)

• How it works

• Architecture

• Data model - generic description of how data are stored in the main database

• Attributes - description of individual record attributes

• Tasks - (TODO)

• Web/API - rate limits

Installation and administration

Installation and running

Development

There's an introductory presentation "Intro to NERD for developers" (Czech language only): odp, pdf

In most of the cases, the information above and the commented code is enough.

Some components are documented in more detail here:

• Update Manager
• Task distribution
• RateLimiter
• EventCountLogger