ProbeManager
| Status | Operating system |
|---|---|
 |
Linux x86_64 |
Presentation
It is common to see that many IDS (intrusion and detection system), including the software and its rules are not updated regularly. This can be explained by the fact the software and rule management is often complicated, which can be a particular problem for small and medium sized enterprises that normally lack system security expertise and full time operators to supervise their respective IDS. This finding encouraged me to develop an application (ProbeManager) that will better manage network and machine detection probes on a system.
ProbeManager is an application that centralizes the management of intrusion detection systems. The purpose of ProbeManager is to simplify the deployment of detection probes and to put together all of their functionalities in one single place. ProbeManager also allows you to check the status of the probes and to be notified whenever there is a problem or dysfunction. ProbeManager is not a SIEM (security information and event management), therefore, it doesn’t display the probe outputs (alerts, logs, etc…)
ProbeManager is currently compatible with NIDS Suricata and Bro, and it will soon also be compatible with OSSEC.
Features
- Search rules in all probes.
- List installed probes and their status (Running or not, uptime ...).
- Install, update probe.
- Start, stop, reload and restart probe.
- Push, Email notifications (change of status, ...).
- API Restfull.
- See all asynchronous jobs.
Usage
Installation
Operating System
| OS | prod | test |
|---|---|---|
| OSX 12+ | X | |
| Debian 9 | X | |
| Ubuntu 14 | X |
OSX 12+ (Only for project development), Debian stable and Ubuntu 14.04+ are Supported and tested.
Requirements
- Python3.5+
- Pip
- Rabbitmq-server (installed with install script)
- Postgresql (installed with install script)
Retrieve the project
git clone --recursive https://github.com/treussart/ProbeManager.gitInstall
For developer :
./install.sh
./start.shFor Production :
Default destination path : /usr/local/share
For same destination path : .
Be sure to have the write rights in the destination path.
./install.sh prod [destination path]With Django server (not recommended) :
[destination path]./start.sh prodWith Apache (Only for Debian) :
http://localhostLaunch the tests
(Only for Dev or Travis) :
./test.shOpen the file with a web browser :
coverage_html/index.html
Add a submodule
git submodule add -b master --name suricata https://github.com/treussart/ProbeManager_Suricata.git probemanager/suricataModules must respect a few rules:
- A file version.txt (generated by install script)
- A file README.rst
- A folder api with a variable 'urls_to_register' into urls.py (Optional)
- An install script : install.sh (Optional)
- A script for initializing the database : init_db.sh (Optional)
Documentation
Respect standard : reStructuredText (RST).
venv/bin/python probemanager/manage.py runscript generate_doc --settings=probemanager.settings.devOpen the file with a web browser :
docs/_build/html/index.html
Or retrieve the full documentation here