It is common to see that many IDS (intrusion detection systems), including both the software and its rules, are not updated regularly. This can be explained by the fact that software and rule management is often complicated, which is a particular problem for small and medium-sized enterprises that usually lack system security expertise and full-time operators to supervise their IDS. This finding encouraged me to develop an application, ProbeManager, to better manage network and machine detection probes on a system.
ProbeManager is an application that centralizes the management of intrusion detection systems. Its purpose is to simplify the deployment of detection probes and to bring all of their functionality together in one place. ProbeManager also lets you check the status of the probes and be notified whenever there is a problem or malfunction. ProbeManager is not a SIEM (security information and event management system), so it does not display the probe outputs (alerts, logs, etc.).
ProbeManager is currently compatible with the NIDS Suricata and Bro, and will soon also be compatible with OSSEC.
Features
- Search rules across all probes.
- List installed probes and their status (running or not, uptime, ...).
- Install and update probes.
- Start, stop, reload and restart probes.
- Push and email notifications (change of status, ...).
- RESTful API.
- See all asynchronous jobs.
Usage
Installation
Operating System
OS | prod | test |
---|---|---|
OSX 12+ | X | |
Debian 9 | X | |
Ubuntu 14 | X | |
Requirements
- Python3.5+
- Pip
- Rabbitmq-server (installed with install script)
- Postgresql (installed with install script)
Retrieve the project
Source code on Github
git clone --recursive https://github.com/treussart/ProbeManager.git
Install
For developers:
./install.sh
./start.sh
For production:
Default destination path: /usr/local/share
To use the current directory as the destination path, give . as the destination path.
Make sure you have write permission on the destination path.
./install.sh prod [destination path]
[destination path]/start.sh prod
The application is then available at http://localhost
Launch the tests
(Only for dev or Travis):
./test.sh
The coverage report is written to coverage_html/index.html
Add a submodule
git submodule add -b master --name suricata https://github.com/treussart/ProbeManager_Suricata.git probemanager/suricata
Each submodule must contain:
- A file version.txt (generated by the install script)
- A file README.rst
- A folder api containing a variable 'urls_to_register' in urls.py (optional)
- An install script: install.sh (optional)
- A script for initializing the database: init_db.sh (optional)
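To check that a submodule follows this layout before adding it, here is an added Python example (not part of ProbeManager or its submodules). It assumes only that 'urls_to_register' is a module-level assignment in api/urls.py, and it detects that by parsing the file rather than importing it, so untrusted submodule code is never executed by the check.

```python
import ast
import tempfile
from pathlib import Path

# Layout from the README; version.txt is generated by install.sh, so it is reported separately.
REQUIRED = ["README.rst"]
GENERATED = ["version.txt"]
OPTIONAL = ["install.sh", "init_db.sh"]

def has_urls_to_register(urls_py: Path) -> bool:
    """True if api/urls.py binds a module-level 'urls_to_register' (parsed, never imported)."""
    tree = ast.parse(urls_py.read_text(encoding="utf-8"))
    return any(
        isinstance(node, ast.Assign)
        and any(isinstance(t, ast.Name) and t.id == "urls_to_register" for t in node.targets)
        for node in tree.body
    )

def check_submodule(path) -> dict:
    """Check one submodule directory against the README layout and return a report."""
    root = Path(path)
    report = {
        "missing": [f for f in REQUIRED if not (root / f).is_file()],
        "generated_missing": [f for f in GENERATED if not (root / f).is_file()],
        "optional_present": [f for f in OPTIONAL if (root / f).is_file()],
        "api_ok": None,  # None: no api folder, which the README allows
    }
    if (root / "api").is_dir():
        urls_py = root / "api" / "urls.py"
        report["api_ok"] = urls_py.is_file() and has_urls_to_register(urls_py)
    return report

def make_sample_submodule(root: Path, with_urls: bool) -> Path:
    """Write a constructed sample layout (not a real probe) for demonstration."""
    (root / "api").mkdir(parents=True, exist_ok=True)
    (root / "README.rst").write_text("Sample probe\n============\n")
    (root / "init_db.sh").write_text("#!/bin/sh\n")
    name = "urls_to_register" if with_urls else "routes"
    (root / "api" / "urls.py").write_text(f"{name} = []\n")
    return root

def demo() -> tuple:
    """Check a well-formed and a malformed constructed submodule; returns both reports."""
    with tempfile.TemporaryDirectory() as tmp:
        good = check_submodule(make_sample_submodule(Path(tmp) / "good", True))
        bad = check_submodule(make_sample_submodule(Path(tmp) / "bad", False))
    return good, bad

if __name__ == "__main__":
    print(demo())
```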
Documentation
Follow the reStructuredText (RST) standard.
venv/bin/python probemanager/manage.py runscript generate_doc --settings=probemanager.settings.dev
The generated documentation is at docs/_build/html/index.html
Or retrieve the full documentation here