ProbeManager - Centralize Management Of Intrusion Detection System Like Suricata, Bro, Ossec...

It is common to find that IDS (intrusion detection system) deployments, both the software and its rules, are not updated regularly. The reason is that managing the software and the rule sets is often complicated, which is a particular problem for small and medium-sized enterprises that usually lack system security expertise and full-time operators to supervise their IDS. This observation led me to develop an application, ProbeManager, to better manage network and host detection probes on a system.
ProbeManager is an application that centralizes the management of intrusion detection systems. Its purpose is to simplify the deployment of detection probes and to bring all of their functionalities together in one place. ProbeManager also lets you check the status of the probes and be notified whenever there is a problem or malfunction. ProbeManager is not a SIEM (security information and event management system), so it does not display the probe outputs (alerts, logs, etc.).
ProbeManager is currently compatible with NIDS Suricata and Bro, and it will soon also be compatible with OSSEC.


Features
  • Search rules across all probes.
  • List installed probes and their status (running or not, uptime, ...).
  • Install and update probes.
  • Start, stop, reload and restart probes.
  • Push and email notifications (change of status, ...).
  • RESTful API.
  • View all asynchronous jobs.

Usage




Installation

Operating System
OS prod test
OSX 12+ X
Debian 9 X
Ubuntu 14 X
OSX 12+ (only for project development), Debian stable and Ubuntu 14.04+ are supported and tested.

Requirements
  • Python3.5+
  • Pip
  • Rabbitmq-server (installed with install script)
  • Postgresql (installed with install script)

Retrieve the project
Source code on Github
git clone --recursive https://github.com/treussart/ProbeManager.git

Install

For developers:
./install.sh
./start.sh

For production:
Default destination path: /usr/local/share
To install into the current directory, give . as the destination path.
Make sure you have write permissions on the destination path.
./install.sh prod [destination path]
With the Django development server (not recommended):
[destination path]./start.sh prod
With Apache (Debian only), the application is served at:
http://localhost

Launch the tests
(Development or Travis CI only):
./test.sh
Then open the coverage report with a web browser:
coverage_html/index.html

Add a submodule
git submodule add -b master --name suricata https://github.com/treussart/ProbeManager_Suricata.git probemanager/suricata
Modules must follow a few rules:
  • A file version.txt (generated by the install script)
  • A file README.rst
  • A folder api containing a urls.py that defines a variable 'urls_to_register' (optional)
  • An install script: install.sh (optional)
  • A script for initializing the database: init_db.sh (optional)
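As an added example (not part of the ProbeManager project), a small Python checker that verifies a submodule directory against the rules just listed. It builds a constructed sample module in a temporary directory so it runs offline; the page does not say what urls_to_register must contain, so only its presence is checked, and the file is parsed rather than imported so an untrusted checkout is never executed.

```python
import ast
import tempfile
from pathlib import Path

# Files every ProbeManager module must ship (see the rules above).
REQUIRED_FILES = ("version.txt", "README.rst")


def check_module(module_dir):
    """Return the list of rule violations found in module_dir (empty means OK)."""
    root = Path(module_dir)
    problems = [f"missing required file: {name}"
                for name in REQUIRED_FILES if not (root / name).is_file()]
    # The api folder is optional, but if api/urls.py exists it must assign the
    # module-level variable 'urls_to_register'. Parsing with ast instead of
    # importing means a module from an untrusted checkout is never executed.
    urls_py = root / "api" / "urls.py"
    if urls_py.is_file():
        tree = ast.parse(urls_py.read_text(), filename=str(urls_py))
        assigned = {target.id
                    for node in tree.body if isinstance(node, ast.Assign)
                    for target in node.targets if isinstance(target, ast.Name)}
        if "urls_to_register" not in assigned:
            problems.append("api/urls.py does not define 'urls_to_register'")
    return problems


def build_sample_module(with_required=True, with_urls_var=True):
    """Constructed sample module tree in a temp dir (not a real probe module)."""
    root = Path(tempfile.mkdtemp(prefix="probemanager_module_"))
    if with_required:
        (root / "version.txt").write_text("0.1.0\n")
        (root / "README.rst").write_text("Sample module\n=============\n")
    (root / "api").mkdir()
    body = "urls_to_register = []\n" if with_urls_var else "urlpatterns = []\n"
    (root / "api" / "urls.py").write_text(body)
    return root


if __name__ == "__main__":
    print(check_module(build_sample_module()))  # []
    print(check_module(build_sample_module(with_urls_var=False)))
```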

Documentation
The documentation follows the reStructuredText (RST) standard.
venv/bin/python probemanager/manage.py runscript generate_doc --settings=probemanager.settings.dev
Then open the generated documentation with a web browser:
docs/_build/html/index.html
Or retrieve the full documentation here


Reviewed by Zion3R on 9:37 AM