austin-taylor / Flare

Licence: mit
An analytical framework for network traffic and behavioral analytics


Flare is a network analytic framework designed for data scientists, security researchers, and network professionals. Written in Python, it is designed for rapid prototyping and development of behavioral analytics, and intended to make identifying malicious behavior in networks as simple as possible.

Getting Started

Currently supports Python 2.7 and Python 3.

sudo pip install -r requirements.txt
python setup.py install

First Use

Once Flare is installed you may use it via the command line by calling flare_beacon. You can use command line parameters or call a configuration file (recommended). See the configs directory for sample configuration files.

Example command below:

flare_beacon -c /path/to/flare/config/elasticsearch.ini --focus_outbound --whois -json /tmp/flare.json

Core Features

  • Command and Control Analytics
    • Identify Beaconing in your environment (works with Suricata output and ElasticSearch)
  • Feature Extraction
    • Helper utility functions to filter out the noise.
  • Alexa, Umbrella, and Majestic Million (coming soon)
  • WHOIS IP Lookup
  • Pre-built machine learning classifiers
  • So much more...

Analytics

Beaconing

Designed for Elasticsearch and Suricata, elasticBeacon connects to your Elasticsearch server, retrieves all IP addresses and identifies periodic activity between hosts.

You may need to forward port 9200 to your localhost with ssh -NfL 9200:localhost:9200 [email protected]

from flare.analytics.command_control import elasticBeacon

eb = elasticBeacon(es_host='localhost')
beacons = eb.find_beacons(group=True, focus_outbound=True)

Also available in commandline:

CSV OUTPUT
flare_beacon --whois --focus_outbound -mo=100 --csv_out=beacon_results.csv

HTML OUTPUT
flare_beacon --group --whois --focus_outbound -c configs/elasticsearch.ini -html beacons.html

JSON OUTPUT (for SIEM)
flare_beacon --whois --focus_outbound -c /opt/flare-master/configs/selks4.ini -json beacon.json -v

Full writeup here
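To make the periodicity idea behind elasticBeacon concrete, here is a stand-alone toy detector, added as an example and not taken from Flare's code. It groups flow records by (source, destination) pair, scores each pair by how regular the gaps between its connections are, and applies an outbound-only filter in the spirit of --focus_outbound. The flow records, the RFC 1918 definition of "internal", the coefficient-of-variation score and the thresholds are all constructed for this example; Flare's own scoring, field names and defaults differ.

```python
"""Toy beacon detector over constructed flow records (added example, not Flare's code).

Flare's elasticBeacon reads flows from Elasticsearch; here a hand-built list of
(src_ip, dst_ip, epoch_seconds) tuples stands in for that data so it runs offline.
"""
import ipaddress
import statistics
from collections import defaultdict

# Assumed definition of "internal": the RFC 1918 ranges. The sample uses TEST-NET
# addresses as stand-ins for external hosts, which the ipaddress module classes as
# private, so the check is done against these explicit networks instead.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def is_outbound(src, dst):
    """Mimics --focus_outbound: internal source talking to a non-internal destination."""
    return is_internal(src) and not is_internal(dst)


def periodicity_score(timestamps):
    """Score how regular the gaps between successive connections are.

    Returns (score, median_gap). score = 1 - coefficient of variation of the
    inter-arrival gaps, clipped to [0, 1]: close to 1 for clockwork traffic,
    0 for bursty or random traffic.
    """
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return 0.0, None
    mean = statistics.mean(gaps)
    if mean <= 0:
        return 0.0, None
    cv = statistics.pstdev(gaps) / mean
    return max(0.0, 1.0 - cv), statistics.median(gaps)


def find_beacons(flows, min_occurrences=10, min_score=0.9, focus_outbound=True):
    """Group flows by (src, dst) and return the pairs whose timing looks periodic."""
    by_pair = defaultdict(list)
    for src, dst, ts in flows:
        if focus_outbound and not is_outbound(src, dst):
            continue
        by_pair[(src, dst)].append(ts)

    hits = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_occurrences:
            continue
        score, gap = periodicity_score(stamps)
        if score >= min_score:
            hits.append({"src": src, "dst": dst, "count": len(stamps),
                         "interval_s": gap, "score": round(score, 3)})
    return sorted(hits, key=lambda h: -h["score"])


def build_sample_flows():
    """Constructed traffic: a jittered outbound beacon, an internal heartbeat, a noisy pair."""
    base = 1_700_000_000
    flows = []
    t = base
    for i in range(20):  # 10.0.0.5 -> 203.0.113.7 every ~60 s with +/-2 s jitter
        flows.append(("10.0.0.5", "203.0.113.7", t))
        t += 60 + ((i * 7) % 5 - 2)
    for i in range(15):  # 10.0.0.5 -> 10.0.0.1 exactly every 60 s (internal, filtered out)
        flows.append(("10.0.0.5", "10.0.0.1", base + 60 * i))
    t = base
    for gap in (0, 5, 140, 33, 900, 12, 260, 75, 18, 410, 4, 1300):  # irregular browsing
        t += gap
        flows.append(("10.0.0.9", "198.51.100.3", t))
    return flows


if __name__ == "__main__":
    for hit in find_beacons(build_sample_flows()):
        print(hit)
```

Run as-is it reports only the jittered outbound pair (score about 0.98, interval 60 s); passing focus_outbound=False also surfaces the internal heartbeat, and the irregular pair never qualifies because its gap variance exceeds its mean. Real detectors also need to handle long-interval beacons and hosts that legitimately poll on a schedule (update checks, NTP), which is why Flare pairs the timing signal with WHOIS and top-domain filtering.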

Domain Features

Alexa

from flare.tools.alexa import Alexa
alexa = Alexa(limit=1000000)

print(alexa.domain_in_alexa('google.com'))  # Returns True
print(alexa.subdomain_in_alexa('www'))  # Returns True

print(alexa.DOMAINS_TOP1M)  # Displays the loaded domain list (up to `limit` entries)

IP Utilities

from flare.tools.whoisip import WhoisLookup

whois = WhoisLookup()
whois.get_name_by_ip('8.8.8.8')

OUT: 'GOOGLE - Google Inc., US'

from flare.tools.iputils import hex_to_ip, ip_to_hex

ip_to_hex('8.8.8.8'), hex_to_ip('08080808')

OUT: (u'08080808', '8.8.8.8')

  • Convert Hex to IP and vice/versa
  • Check for Private, Multicast, or Reserved domains
  • Identify the owner of a public IP address

Data Science Features

from flare.data_science.features import dga_classifier

dga_c = dga_classifier()

print(dga_c.predict('facebook'))
Legit

print(dga_c.predict('39al31ak3'))
dga

from flare.data_science.features import entropy
from flare.data_science.features import ip_matcher
from flare.data_science.features import domain_extract
from flare.data_science.features import levenshtein
from flare.data_science.features import domain_tld_extract

# Entropy example
print(entropy('akd93ka8a91a'))
2.58496250072

# IP Matcher Example
print(ip_matcher('8.8.8.8'))
True

print(ip_matcher('39.993.9.1'))
False

# Domain Extract Example
domain_extract('longsubdomain.huntoperator.com')
'huntoperator'

# Domain TLD Extract
domain_tld_extract('longsubdomain.huntoperator.com')
'huntoperator.com'

# Levenshtein example
a = ['google.com']
b = ['googl3.com']
print(levenshtein(a, b))
'Difference of:' 1

and many more features for data extraction...
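The helpers above are easy to reason about once you see what each one computes, so here are stand-alone re-implementations of entropy, ip_matcher, domain_extract, domain_tld_extract and levenshtein, combined into a small lookalike-domain feature extractor. This is an added example, not Flare's code: Flare's functions have their own signatures (its levenshtein takes lists, for instance), the WATCHLIST and sample domains are constructed, and the suffix handling assumes a single-label TLD such as .com rather than consulting a public-suffix list.

```python
"""Stand-alone versions of the feature helpers shown above, plus a small
lookalike-domain scorer built from them (added example, not Flare's code)."""
import ipaddress
import math
from collections import Counter


def entropy(s):
    """Shannon entropy in bits per character. Random-looking DGA labels score high."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def ip_matcher(value):
    """True only for a valid dotted-quad IPv4 address (every octet 0-255)."""
    try:
        ipaddress.IPv4Address(value)
    except ipaddress.AddressValueError:
        return False
    return True


def domain_tld_extract(fqdn):
    """Registered domain plus TLD. Assumes a one-label public suffix such as '.com';
    suffixes like 'co.uk' would need a public-suffix list, which is omitted here."""
    parts = fqdn.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def domain_extract(fqdn):
    """Registered label without its TLD (same single-label-suffix assumption)."""
    return domain_tld_extract(fqdn).split(".")[0]


def levenshtein(a, b):
    """Edit distance (insertions, deletions, substitutions) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


# Constructed watch list of brands to compare observed domains against.
WATCHLIST = ("google.com", "facebook.com", "microsoft.com")


def domain_features(fqdn, watchlist=WATCHLIST):
    """Feature vector of the kind a DGA or typosquat classifier would consume."""
    label = domain_extract(fqdn)
    registered = domain_tld_extract(fqdn)
    nearest = min(watchlist, key=lambda w: levenshtein(registered, w))
    return {
        "label": label,
        "length": len(label),
        "entropy": round(entropy(label), 4),
        "digit_ratio": round(sum(ch.isdigit() for ch in label) / len(label), 4),
        "nearest_watchlist": nearest,
        "distance": levenshtein(registered, nearest),
    }


if __name__ == "__main__":
    for name in ("www.huntoperator.com", "login.g00gle.com", "xk3j9a0zqe.net"):
        print(name, domain_features(name))
```

Running it shows the three signals working together: the constructed 'login.g00gle.com' sits at edit distance 2 from google.com with a third of its characters digits, while 'xk3j9a0zqe.net' is far from every watch-list entry but has high per-character entropy, which is the pattern a DGA classifier keys on.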
