Sunday, 11 August 2013

DX-Console - central interface to distributed Naxsi-installations

DX-Console is a web-based frontend to a MongoDB-backed Naxsi event database.
It is meant to provide centralised monitoring and analysis, and later alerting (tbd), for a set of distributed Naxsi sensors.

Features:

  • centralised display of distributed Naxsi installations
  • dashboard for a quick overview
  • latest events (a kind of live log) with marking of new events
  • alerts on newly seen URLs/IPs/hosts
  • combined or standalone search for IPs, Naxsi rule IDs, hosts etc., e.g. ip = x.x.x.x & host = www.example.com
  • freely adjustable time-range filter, e.g. 1d/7d/42w, but also a window such as 7d-14d
  • audit your own IP; useful when pentesting a site
  • IP reputation control: feed in a list of your own IPs and get alerts when suspicious requests are made from them
  • comprehensive status display (tbf)
  • mark events as false positives / delete them from the event DB
  • user administration
  • rule-ID-based whitelist generation
  • saved searches (saving search terms and results) (tbf)
  • running agents that alert when given thresholds are met, e.g. attacks/day (tbf)
  • API interface for agents (think Nagios) (tbd)
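
As an added illustration (written for this page, not DX-Console's or nx_util's own code), here is how the combined search and the time-range filter from the list above can be turned into a MongoDB filter document. The field names peer_ip, host, uri, id and date, and the reading of 7d-14d as "between 14 and 7 days ago", are assumptions. The point worth taking from it: the search string arrives from the browser, so search keys go through a fixed allow-list and values stay plain strings, never nested operator documents.

```python
# Added example for this page: turn a DX-Console-style combined search
# ("ip = x.x.x.x & host = www.example.com") plus a time-range spec
# ("7d", "42w", "7d-14d") into a MongoDB filter document.  This is not
# DX-Console's or nx_util's own code.  Assumed: event documents carry the
# fields peer_ip, host, uri, id and date, and "7d-14d" means the window
# between 14 and 7 days ago.
import re
from datetime import datetime, timedelta, timezone

_UNITS = {"h": "hours", "d": "days", "w": "weeks"}
_TOKEN = re.compile(r"^(\d+)([hdw])$")

# Search keys the user may type, mapped to the (assumed) document fields.
# Keeping this an explicit allow-list matters: the search string comes from
# the browser, and only these fixed keys must ever become Mongo field names.
_FIELDS = {"ip": "peer_ip", "host": "host", "id": "id", "uri": "uri"}


def parse_offset(token):
    """'7d' -> timedelta(days=7); anything else raises ValueError."""
    m = _TOKEN.match(token.strip())
    if not m:
        raise ValueError("bad time token: %r" % token)
    return timedelta(**{_UNITS[m.group(2)]: int(m.group(1))})


def time_range(spec, now=None):
    """Return (start, end) datetimes for a spec like '1d' or '7d-14d'."""
    now = now or datetime.now(timezone.utc)
    parts = spec.split("-")
    if len(parts) == 1:
        return now - parse_offset(parts[0]), now
    if len(parts) == 2:
        near, far = parse_offset(parts[0]), parse_offset(parts[1])
        if far <= near:
            raise ValueError("range must be written near-far, e.g. 7d-14d")
        return now - far, now - near
    raise ValueError("bad time range: %r" % spec)


def build_filter(query, timespec, now=None):
    """Parse 'ip = 1.2.3.4 & host = www.example.com' into a filter dict.

    Values are always plain strings (or an int for the rule id), never
    nested documents, so a user cannot smuggle $where/$regex/$gt
    operators in through the search box.
    """
    flt = {}
    for clause in query.split("&"):
        clause = clause.strip()
        if not clause:
            continue
        key, sep, value = clause.partition("=")
        if not sep:
            raise ValueError("expected key = value, got %r" % clause)
        key, value = key.strip().lower(), value.strip()
        if key not in _FIELDS:
            raise ValueError("unknown search field: %r" % key)
        flt[_FIELDS[key]] = int(value) if key == "id" else value
    start, end = time_range(timespec, now)
    flt["date"] = {"$gte": start, "$lt": end}
    return flt


if __name__ == "__main__":
    print(build_filter("ip = 203.0.113.5 & host = www.example.com", "7d-14d"))
```

The resulting dict can be handed to pymongo's collection.find() as-is. Substring or case-insensitive matching would be a deliberate extension on the server side (adding $regex to a known field), never something the user can request by typing it into the search box.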

  • Flask-based application
  • modified nx_util
    • MongoDB for storing event data
    • skips already-known events, so nx_util can be run from a short-interval cron job
  • fancy Web X.0, flat-style, webscale, JS-only, AJAX-based interface built on Bootstrap
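
The following added example (written for this page; it is not the modified nx_util or DX-Console code) shows the two ingest-side pieces listed above together with the rule-ID-based whitelist generation from the feature list: parsing NAXSI_FMT lines from the nginx error log, skipping events that are already stored so that a frequent cron run never double-imports, and emitting BasicRule whitelists grouped by rule ID. The three log lines are constructed for the example, and the dict standing in for a MongoDB collection with a unique index on a fingerprint field is an assumed design, not necessarily the one nx_util uses.

```python
# Added example for this page (not nx_util's or DX-Console's code): parse
# NAXSI_FMT exception lines from the nginx error log, fingerprint each line
# so a re-run of the importer skips events it already stored (the "skip
# known events" behaviour that makes a short-interval cron job safe), and
# emit BasicRule whitelists per rule id.  The log lines are constructed for
# the example; the dict below stands in for a Mongo collection with a
# unique index on the fingerprint field (assumed design).
import hashlib
import re
from urllib.parse import parse_qs

# nginx error-log prefix, then the NAXSI_FMT key=value string up to the
# first comma (", client: ..." follows it in real logs).
_LINE = re.compile(
    r"^(?P<ts>\S+ \S+) \[error\] \d+#\d+: \*(?P<conn>\d+) NAXSI_FMT: (?P<kv>[^,]+)")
_IDX = re.compile(r"^(id|zone|var_name)(\d+)$")

SAMPLE_LOG = """\
2013/08/11 12:00:01 [error] 1234#0: *1 NAXSI_FMT: ip=203.0.113.5&server=www.example.com&uri=/search&learning=1&vers=0.50&total_processed=12&total_blocked=3&block=1&cscore0=$SQL&score0=8&zone0=ARGS&id0=1001&var_name0=q, client: 203.0.113.5, server: www.example.com, request: "GET /search?q=a'b HTTP/1.1", host: "www.example.com"
2013/08/11 12:00:02 [error] 1234#0: *2 NAXSI_FMT: ip=203.0.113.5&server=www.example.com&uri=/search&learning=1&vers=0.50&total_processed=13&total_blocked=4&block=1&cscore0=$SQL&score0=8&zone0=ARGS&id0=1001&var_name0=q, client: 203.0.113.5, server: www.example.com
2013/08/11 12:00:03 [error] 1234#0: *3 NAXSI_FMT: ip=198.51.100.9&server=www.example.com&uri=/login&learning=1&vers=0.50&total_processed=14&total_blocked=5&block=1&cscore0=$XSS&score0=8&zone0=BODY&id0=1310&var_name0=user&zone1=BODY&id1=1311&var_name1=user, client: 198.51.100.9, server: www.example.com
"""


def parse_naxsi_line(line):
    """Return an event dict for a NAXSI_FMT line, or None for other lines."""
    m = _LINE.match(line)
    if not m:
        return None
    kv = {k: v[0] for k, v in parse_qs(m.group("kv"), keep_blank_values=True).items()}
    # Naxsi numbers matched rules idN/zoneN/var_nameN; regroup them by N.
    groups = {}
    for key, val in kv.items():
        im = _IDX.match(key)
        if im:
            groups.setdefault(int(im.group(2)), {})[im.group(1)] = val
    matches = [{"id": int(g["id"]), "zone": g.get("zone", ""), "var_name": g.get("var_name", "")}
               for _, g in sorted(groups.items()) if "id" in g]
    # Timestamp + nginx connection counter + raw kv identify one log line,
    # so re-reading the same file yields the same fingerprint.
    raw = "|".join((m.group("ts"), m.group("conn"), m.group("kv")))
    return {
        "fingerprint": hashlib.sha256(raw.encode()).hexdigest(),
        "date": m.group("ts"),
        "peer_ip": kv.get("ip", ""),
        "host": kv.get("server", ""),
        "uri": kv.get("uri", ""),
        "blocked": kv.get("block") == "1",
        "matches": matches,
    }


def ingest(lines, store):
    """Insert new events into store (fingerprint -> event); return how many were new."""
    new = 0
    for line in lines:
        ev = parse_naxsi_line(line)
        if ev is None or ev["fingerprint"] in store:
            continue
        store[ev["fingerprint"]] = ev
        new += 1
    return new


def whitelists(events, min_hits=1):
    """Emit one BasicRule wl:<id> line per (rule id, zone, variable, URL) seen.

    min_hits drops one-off matches.  The output is a candidate list for a
    human to review, not something to drop straight into the naxsi config:
    each line disables that rule for that exact variable on that URL.
    """
    counter = {}
    for ev in events:
        for mt in ev["matches"]:
            key = (mt["id"], mt["zone"], mt["var_name"], ev["uri"])
            counter[key] = counter.get(key, 0) + 1
    rules = []
    for (rid, zone, var, uri), n in sorted(counter.items()):
        if n < min_hits:
            continue
        mz = "$URL:%s" % uri
        if zone in ("ARGS", "BODY", "HEADERS") and var:
            mz += "|$%s_VAR:%s" % (zone, var)
        rules.append('BasicRule wl:%d "mz:%s";' % (rid, mz))
    return rules


if __name__ == "__main__":
    events = {}
    print(ingest(SAMPLE_LOG.splitlines(), events), "new events")
    print(ingest(SAMPLE_LOG.splitlines(), events), "new on re-run")
    print("\n".join(whitelists(events.values(), min_hits=2)))
```

Because the fingerprint is derived from the line itself rather than from a file offset, the importer stays idempotent across log rotation and can simply re-read the last few minutes of the error log on every cron run.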


Screenshots (images not reproduced here; captions only)

  • Dashboard
  • Dashboard charts
  • Latest events / live log with 1 new event
  • Search & result
  • Search & charts
  • Combined search: host + peer_ip
  • Search: add new terms from the interface
  • Search: predefined searches
  • Agents log
  • Alerts on newly found IPs/URLs etc.
  • Known sigs display
  • System messages
  • Basic admin interface


DX-Console was inspired by Snorby and Splunk.

Comments:

  1. Brilliant piece of information. I had come to know about your web page from my friend Hardkik, Chennai. I have read at least 9 posts of yours by now, and let me tell you, your web page gives the best and the most interesting information. This is just the kind of information that I had been looking for. I'm already your RSS reader now and I would regularly watch out for the new posts. Once again, hats off to you! Thanks a million once again. Regards, splunk training in hyderabad

  2. Exciting! If you would also like to list a secure platform for investments, then I recommend digitaler datenraum
