Sunday, 11 August 2013

DX-Console - central interface to distributed Naxsi-installations

DX-Console is a web-based frontend to a MongoDB-based Naxsi database.
It is meant to provide centralised monitoring, analysis and alerting (tbd) for a set of distributed Naxsi sensors.


  • centralised display of distributed naxsi-installations
  • dashboard for quick overview
  • latest events (kinda livelog) + marking of new events
  • alerts on newly found url/ip/host
  • combined or standalone search for ips/naxsi-ids/hosts etc., e.g. ip = x.x.x.x & host =
  • freely adjustable timerange-based filter, e.g. 1d/7d/42w, but also 7d-14d
  • audit your own ip; useful when pentesting a site
  • ip-reputation-control / feed a list of your own ips and get alerts when suspicious requests are made from those ips
  • comprehensive status-display (tbf)
  • Mark events false-positive / delete from Event_DB
  • user-administration
  • rules_id based whitelist_generation
  • saved searches (saving search-terms and results) (tbf)
  • running agents that alert when given thresholds are met, e.g. attacks/day (tbf)
  • api-interface for agents (think nagios) (tbd)

  • flask-based application
  • modified nx_util
    • mongo-db for storing event-data
    • skip known events, thus enabling a short-interval cronjob for nx_util
  • fancy webX.0 - flat njustyle webscale js-only ajax based interface bootstrap-based interface




Latest Events / Livelog w/ 1 new

Search & result

Search & Charts

combined Search / host + peer_ip

Search - add new terms from interface

Search - predefined Searches

Agents - Log

Alerts on newly found IPs/URLs etc.

Known Sigs Display


Basic Admin-Interface

DX-Console was inspired by Snorby and Splunk.

