Projects STRLCPY SIEVA Commits ef78ac66
    README.md
    1  -# SIEVA
    2  -SIEM Visibility assessment
     1 +<img src="https://wikifab.org/images/b/b6/Group-i2CAT_logo-color-alta.jpg" width=25% height=25%><img src="https://wikifab.org/images/b/b6/Group-i2CAT_logo-color-alta.jpg" width=25% height=25%>
     2 + 
     3 + 
     4 +[![Maintenance](https://img.shields.io/badge/Status-Maintained-green.svg)]()
     5 +[![Linux](https://svgshare.com/i/Zhy.svg)](https://www.linux.org/pages/download/)
     6 +[![made-with-cpp](https://img.shields.io/badge/Made%20with-Python-blue)](https://www.python.org/)
     7 +[![AGPLv3 license](https://img.shields.io/badge/License-AGPLv3-blue.svg)](https://www.gnu.org/licenses/agpl-3.0.html)
     8 + 
     9 + 
     10 +# Overview
     11 + 
     12 +SIEVA is a tool which provides visibility to data ingested by SIEMs, using artificial intelligence, SIEVA analyses the information contained in the logs, classifies such information according to the MITRE ATT&CK framework data sources, and provides a high level view of the ATT&CK Matrix, colour coded to reflect which tactics and techniques can be monitoried with the current information of the system. SIEVA also provides a detailed view of the data analysed on each individual Elasticsearch Index.
     13 + 
     14 +# Pre-requisites
     15 + 
     16 +Docker (recommended 20.x or latest)
     17 +ElasticSearch 7.x (recommended 7.17.x)
     18 + 
     19 + 
     20 +# How to install it (opcional, si és possible)
     21 + 
     22 +Installation instructions, in case any pre-build binaries are shipped within the repository or can be downloaded from some URL.
     23 + 
     24 +# How to build it
     25 + 
     26 +``` bash
     27 +cd sieva
     28 +docker compose up -d --build --quiet
     29 +```
     30 + 
     31 +Then, the matrix is found in localhost:9000 and the plots data in localhost:9001
     32 + 
     33 + 
     34 +# How to use
     35 + 
     36 +## Once executed
     37 + 
     38 +### `/train`
     39 + 
     40 +```bash
     41 +curl http://127.0.0.1:8081/train?train_pairs={["webserver" : ["webproxy-squid", "webserver-generic", "webserver-nginx"]]}
     42 +```
     43 + 
     44 +Call this endpoint in order to re-train the model with the existent data. The data that will be used is found in an `elasticsearch` database which, so far, requires to be connected to the i2Cat FortiNet VPN to retrieve data from it.
     45 + 
     46 +**`parameters`** : `train_pairs` -> Dictionary made out of _training-label_ : [_train-index0_, _train-index1_, ...]
     47 + 
     48 +**`returns`** : `json` with the path where the model has been saved
     49 + 
     50 +```json
     51 + "model path" : "data/model/model.bin"
     52 +```
     53 + 
     54 + 
     55 +### `/predict`
     56 + 
     57 +```bash
     58 +curl http://127.0.0.1:8081/predict?predict_idxs=["classification_validate_dataset"]
     59 +```
     60 + 
     61 +Call this endpoint to perform a prediction with the pre-trained model over the indexes provided as a parameter. Again, if the datasets are stored in the `elasticsearch` database, a connection through the VPN is required.
     62 + 
     63 +**`parameters`** : `predict_idxs` -> List made out of [_predict-index0_, _predict-index1_, ...]
     64 + 
     65 +**`returns`** : `json` with:
     66 + 
     67 +1. The \% of the category split
     68 +2. The MITRE techniques to use
     69 +3. The path to the predictions file created
     70 + 
     71 +```json
     72 + "classification_validate_dataset": {
     73 + "Category Split: Data types" : "\"{\\\"dns\\\":25.4433544759,\\\"webserver\\\":24.3785048969,\\\"evtx\\\":23.0140914828,\\\"firewall\\\":13.7913198383,\\\"identity\\\":12.6204246617,\\\"dhcp\\\":0.7523046444}\"",
     74 + "Techniques" : {
     75 + "T1001": "#8cdd69",
     76 + "T1001.001": "#8cdd69",
     77 + "..." : "..."
     78 + },
     79 + "Predictions Results / Path to predictions" : {
     80 + "Path to predictions": "data/predictions/predictions.txt"
     81 + }
     82 + }
     83 +```
     84 + 
     85 + 
     86 + 
     87 + 
     88 +# Source
     89 + 
     90 +This code has been developed within the innovation project SIEVA: SIEM visibility assesment.
     91 + 
     92 +This project has received funding from the European Union’s GÉANT Innovation Programme 2022 research and innovation programme under grant agreement No SER-22-109.
     93 + 
     94 +More information about the grant at https://community.geant.org/community-programme-portfolio/innovation-programme/
     95 + 
     96 +# Copyright
     97 + 
     98 +This code has been developed by Fundació Privada Internet i Innovació Digital a Catalunya (i2CAT).
     99 + 
     100 +i2CAT is a *non-profit research and innovation centre* that promotes mission-driven knowledge to solve business challenges, co-create solutions with a transformative impact, empower citizens through open and participative digital social innovation with territorial capillarity, and promote pioneering and strategic initiatives.
     101 + 
     102 +i2CAT *aims to transfer* research project results to private companies in order to create social and economic impact via the out-licensing of intellectual property and the creation of spin-offs.
     103 + 
     104 +Find more information of i2CAT projects and IP rights at https://i2cat.net/tech-transfer/
     105 + 
     106 +# License
     107 + 
     108 +This code is licensed under the terms *AGPLv3*. Information about the license can be located at [link](https://www.gnu.org/licenses/agpl-3.0.html).
     109 + 
     110 +If you find that this license doesn't fit with your requirements regarding the use, distribution or redistribution of our code for your specific work, please, don’t hesitate to contact the intellectual property managers in i2CAT at the following address: [email protected]
    3 111   
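Review bot: the `/train` example in the "How to use" section will not run as written: the `train_pairs` value `{["webserver" : [...]]}` is neither valid JSON (an object cannot contain a bare array as its only member) nor URL-encoded, so the unquoted spaces, braces and brackets are split or rejected by the shell and by curl. Rewrite it as a proper object, e.g. `{"webserver": ["webproxy-squid", "webserver-generic", "webserver-nginx"]}`, and pass it with `curl -G --data-urlencode 'train_pairs=...' http://127.0.0.1:8081/train`; the `/predict` example has the same quoting problem. The same section documents GET endpoints that retrain the model and query the Elasticsearch backend but says nothing about authentication or which interface port 8081 is bound to, while "How to build it" only mentions ports 9000 and 9001; the README should state how 8081 is exposed by the compose file and whether the endpoints are expected to be reachable beyond localhost. Smaller points: "How to install it (opcional, si és possible)" still carries the template's Catalan "(optional, if possible)" hint and a template body rather than real instructions; the `made-with-cpp` badge is labelled Python; the i2CAT logo `<img>` is pasted twice; `--quiet` should be checked against the options `docker compose up` actually accepts (`--quiet-pull` is the documented one); and "monitoried", "assesment", "re-train the model with the existent data" and "requires to be connected" want "monitored", "assessment", "existing data" and "requires a connection".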