This weekend we have put our new log-parsing and reporting code into production. The new code significantly increases our speed of log parsing (by about two orders of magnitude) and it provides a lot more help to help our users research what particular blocked threats were caused by. As product manager I am very pleased to say that it is a massive improvement over the previous stuff but, for our existing users, there are a couple of niggles.

One of the ways that ThreatSTOP keeps our IP reputation feeds up to date is that we process the firewall logs of our subscribers to see what attacks they are currently experiencing. We also want to feed the data back to other security researchers because we only mine the logs for certain information and others will find other useful information from them if they can analyze them. However there is a problem. Customers are usually unwilling to see their internal data distributed all over the place. Hence we've been looking for a way to reliably anonymize the data so that