Skip to content

/ altprobe

Collector

alertflex.org
Apache-2.0 License
35 stars 10 forks
Star
Watch
master
2 branches 0 tags
Go to file
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

@olegzhr
olegzhr Update install_centos7.sh
e09b83c Sep 25, 2020
Update install_centos7.sh
e09b83c

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
bin
update dpkg
Sep 6, 2020
configs
Update suricata.yaml
Jun 8, 2020
src
fix std stream
Sep 19, 2020
LICENSE
Update LICENSE
Mar 3, 2018
NOTICE
add crs
Sep 3, 2019
README.md
Update README.md
Aug 23, 2020
env.sh
add local env
Sep 24, 2020
env_example.sh
add local env
Sep 24, 2020
env_local.sh
add local env
Sep 24, 2020
install_centos7.sh
Update install_centos7.sh
Sep 25, 2020
install_deb.sh
update configs
Jul 14, 2020
install_rpm.sh
update configs
Jul 14, 2020
install_ubuntu.sh
add local env
Sep 24, 2020

README.md

Alertflex Collector (Altprobe)

Alertflex project is an open-source continuous security monitoring solution designed for use in Hybrid Clouds (on-premises and cloud-based IT infrastructure). By monitoring security events and reports from well-known cybersecurity applications, Alertflex gives companies end-to-end security visibility. The project adapts of third-party software products into a unified solution based on the CTI EDR SOAR technology stack and DevSecOps best practices.

Alertflex requires fewer system resources compared with similar products and mostly integrates of free open-source third-party software. It can significantly reduce costs for your cybersecurity monitoring.

Alertflex implements two main functionality:

Security event management for a distributed hub of security sensors (Suricata NIDS, Wazuh HIDS, Falco CRS, Modsecurity WAF) based on the next levels:

  • Collection (Alertflex collector)
  • Streaming (ActiveMQ)
  • Analysis (Alertflex controller)
  • Storage (MySQL)
  • Access (Alertflex controller and console)

Security automation and orchestration

  • IDS centralized management for rules, configs, filtering policies, IP address blocking lists
  • CTI functions which are based on integration with MISP. Performs a reputation checks for IP addresses, DNS records, MD5, SHA1 SHA256 hashes of files. Creates an alert, in case of suspicious data has been found.
  • Can redirect alerts, Netflow, logs to open-source Log Management and monitoring systems ( Graylog, ElasticStack, Prometheus/Grafana)
  • Can periodically run scanning of remote files in Malware Analysis Sandbox (Cuckoo, Hybrid Analysis, VMRay)
  • Integrates SAST and DAST tools (Nmap, SonarQube, OWASP ZAP)
  • Provides REST API and interface compatible with Open Cybersecurity Alliance ecosystem for IDS alerts

Altprobe includes Alertflex collector and installation scripts for security sensors (Suricata NIDS, Wazuh HIDS, Falco CRS).

For more information, please see the Alertflex project documentation

Support

Please open an issue on GitHub, if you'd like to report a bug or request a feature. Have a question or need tech support, please send an email to address: info@alertflex.org

About

Collector

alertflex.org

Topics

alert collector priority-events normalization agregation netflow-collector falco edr suricata wazuh modsecurity waf hids nids ids docker-security

Resources

Readme

License

Apache-2.0 License

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages

You can’t perform that action at this time.