Light

scorelab / openxdr Goto Github PK

View Code? Open in Web Editor NEW

4.0 8.0 12.0 812 KB

Real-time Opensource Extended Detection And Response System

License: Apache License 2.0

HTML 0.93% JavaScript 69.89% CSS 0.31% Python 28.46% Mako 0.41%

openxdr's Introduction

OpenXDR

OpenXDR is a real-time opensource extended detection and response system which can seamlessly integrate with any EDR, NDR, SIEM, and IDS.

One of the most important aspects of modern enterprise security is response time. The earlier you discover a threat, the sooner you can respond and avoid the potential damage to your network and endpoints. But, because of detection delays, alert fatigue, the volume of your network, and other factors, taking real-time decisions is a difficult task for the majority of XDR systems. OpenXDR is an open-source extended detection and response system that addresses above mention issues and uses state of the art streaming processing technologies and real-time active and passive detection engines to detect and respond to threats (endpoints and network) in real time. Furthermore, OpenXDR uses cutting-edge batch processing to analyze historical data and identify future threats to the system. Also, OpenXDR can seamlessly integrate with any EDR, NDR, SIEM, or IDS because it uses a bespoke probe designed for specific vendors to convert any available source to the system.

Console

Dashboard and console for resource (log collection, processing units, storage clusters and index) management and monitoring.

openxdr's People

Contributors

Stargazers

Watchers

Forkers

xiaoleihuang agentmilindu dinush apurvjain123 ksoftlabs skywrapper horizon00 carolcal99 piumalkulasekara thatudeshuk aamirdurrani sphill007

openxdr's Issues

Design mock dashboard for OpenADS

In the long run, we need to have a single dashboard to monitor incoming packets, filtering, visualization and analysis, This task is to come up with UI features

Evaluate Succinct to use Spark as a document store

Succinct http://succinct.cs.berkeley.edu/wp/wordpress/
[Data-source] -> Spark Streaming -> {RDD} Document store at Spark

What is the data-structure to be considered for identified data points?

As explained in the architecture, RDD can used to pass data-points between components, RDD is kind of immutable data-sets that are generated from any type of data objects. But do we have to identify a generic data structure to represent objects, or do we maintain desperate objects per data-source. That should be resilient for future plug-in data sources as well. come up with such

Create the Display Window

Repo should follow GitFlow workflow

This repos should follow Gitflow workflow and follow are the items you have to check.

Perform a comprehensive literature study of network anomaly detection models in large scale enviornments

Tasks DoD:

Literature study on network anomaly detection models that were open-source and deployed in large scale
Introduce new direction of machine learning models which OpenADS can co-relate with
Document at project wiki

Implement generic receiver model with the integration of spark streaming

Task DoD:

Implement streaming receiver for any of data-sources listed (e.g. pcap)

Implement custom receiver model to extract syslog data

Based on identified libraries, implement syslog data-receiver

Refactor http endpoints to websocket connection

refactor http endpoints to websocket connection

Adding log collector

This component contains the log colletor for the following Linux log collectors.

Application Logs.
Event Logs.
Service Logs.
System Logs.

Initializing the remote command execution app

List down all possible data sources to consider for OpenDS

List all possible data-sources with identified integration (e.g. package, third-party tool etc)
Come up with a strategic plan to embed data sources to OpenADS space

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.