A Work-Flow for Empirical Exploration of Security Events

As the internet continuously expands, information security research is a never ending challenge. It is impossible to know all internet participants, protocols and their applications. Instead, security research focuses on empirically collected real-world data; stores, processes, transforms and analyses the data, in order to learn from it and its anomalies --- security issues --- as they happen. This paper presents one practical work-flow for collection and processing of security related data. It present a hard- and software setup, experiences made, and estimates future developments. This gives others the opportunity to learn and identify areas for improvement, especially those in the early stages of setting up a research project based on empirically gathered data.