Skip to content
This repository has been archived by the owner on May 11, 2021. It is now read-only.

XDavidT/Shoham-Correlation

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

57 Commits

ActionsHandlers

ActionsHandlers

 
 

ActiveFunctions

ActiveFunctions

 
 

setting

setting

 
 

.gitignore

.gitignore

 
 

CacheHandler.py

CacheHandler.py

 
 

MainService.py

MainService.py

 
 

MongoHandler.py

MongoHandler.py

 
 

README.md

README.md

 
 

Repository files navigation

Shoham SIEM System: Correlation

What it does ?

The main core of the Siem system: check the new logs in the DB and check if they are violted the policy that configured in Admin Panel. Check by time range. In global scope checking a lot of violted devices, and in local - check if one device violet given rule. When rule is violted, it been alerted by email and reported by DB to relevante table.

How to use ?

Checkout setting/base-setting.json, in that file you can update the DB server. Please do not change db/collection names, since other projects use it in that way.

Checkout setting/alert-setting.json, in that file you can update the email account to send alerts, or to add other account to alerting.

Tested on 'CentOS 7' with python3, but you can run it in any other OS you want. Clone it to your machine, then run python3 MainService.py

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages