<!DOCTYPE html>
<html>
<head>
<meta name="generator" content=
"HTML Tidy for HTML5 (experimental) for Mac OS X https://github.com/w3c/tidy-html5/tree/c63cc39">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="chrome=1">
<title>Open Security Operations Center</title>
<link rel="stylesheet" href="stylesheets/styles.css">
<link rel="stylesheet" href="stylesheets/pygment_trac.css">
<script src="javascripts/scale.fix.js">
</script>
<meta name="viewport" content=
"width=device-width, initial-scale=1, user-scalable=no">
<!--[if lt IE 9]>
<script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
</head>
<body>
<div class="wrapper">
<header>
<h1 class="header">OpenSOC</h1>
<p class="header">Big Data Security Analytics Framework</p>
<ul>
<li class="download">
<a class="buttons" href=
"https://github.com/OpenSOC/opensoc/zipball/master">Download
ZIP</a>
</li>
<li class="download">
<a class="buttons" href=
"https://github.com/OpenSOC/opensoc/tarball/master">Download
TAR</a>
</li>
<li>
<a class="buttons github" href=
"https://github.com/OpenSOC/opensoc">View On
GitHub</a>
</li>
</ul>
<p class="header">This project is maintained by <a class=
"header name" href=
"https://github.com/OpenSOC">The OpenSOC Project</a></p>
</header>
<section>
<h3>Objective</h3>
<p>The OpenSOC project is a collaborative open source development project dedicated to providing an extensible
and scalable advanced security analytics tool. It has strong foundations in the Apache Hadoop Framework and
values collaboration for high-quality community-based open source development.</p>
<p>The OpenSOC project has the following goals:</p>
<ul>
<li>To provide a collaborative open source community for development of an extensible and scalable advanced security analytics tool</li>
<li>To encourage open communication for additional features and identification of deficiencies for a stable and functionally usable tool</li>
<li>To identify key feature enhancements to drive technology efforts around efficient security analytics</li>
</ul>
<p>The OpenSOC project welcomes participation from all people and organizations for development, enhancements, and/or implementation support.</p>
<h3>What is OpenSOC?</h3>
<p>OpenSOC is a Big Data security analytics framework designed to consume and monitor network traffic and machine
exhaust data of a data center. OpenSOC is extensible and is designed to work at a massive scale.
</p>
<p>
<iframe src="http://www.slideshare.net/slideshow/embed_code/35549810" width="476" height="400" frameborder="0" marginwidth="0" marginheight="0" scrolling="no"></iframe>
</p>
<p>The framework provides the following capabilities:</p>
<ul>
<li>Extensible spouts and parsers for attaching OpenSOC to monitor any telemetry source</li>
<li>Extensible enrichment framework for any telemetry stream</li>
<li>Anomaly detection and real-time rules-based alerts for any telemetry stream</li>
<li>Hadoop-backed storage for telemetry stream with a customizable retention time</li>
<li>Automated real-time indexing for telemetry streams backed by Elastic Search</li>
<li>Telemetry correlation and SQL query capability for data stored in Hadoop backed by Hive</li>
<li>ODBC/JDBC compatibility and integration with existing analytics tools</li>
</ul>
<p>OpenSOC is designed to scale up to consume millions of messages per second, enrich them, run them through anomaly
detection algorithms, and issue real-time alerts.
</p>
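<p>As an added illustration of that pipeline (this is not OpenSOC code, and the telemetry lines, asset inventory, indicator list and rules in it are all constructed), the Python sketch below runs the same stages in one process: a parser turns key=value flow records into dicts, an enrichment step attaches an asset role and an indicator hit, a rules-based stage raises named alerts, and a per-source byte-volume baseline flags outliers. In OpenSOC these stages are Storm topology components fed from Kafka; the sketch only keeps their shape.</p>

```python
"""Toy parse -> enrich -> detect -> alert pipeline in the shape described above.

Added illustration, not OpenSOC code. Everything below (telemetry lines,
asset inventory, indicator list, rules) is constructed sample data.
"""
import statistics
from collections import defaultdict

# Constructed flow-style telemetry lines (not real traffic).
SAMPLE_TELEMETRY = [
    "2014-06-01T10:00:00Z src=10.1.1.5 dst=203.0.113.9 dport=443 bytes=1200",
    "2014-06-01T10:01:00Z src=10.1.1.5 dst=203.0.113.9 dport=443 bytes=1300",
    "2014-06-01T10:02:00Z src=10.1.1.5 dst=203.0.113.9 dport=443 bytes=1100",
    "2014-06-01T10:03:00Z src=10.1.1.5 dst=203.0.113.9 dport=443 bytes=1250",
    "2014-06-01T10:04:00Z src=10.1.1.5 dst=203.0.113.9 dport=443 bytes=1150",
    "2014-06-01T10:05:00Z src=10.1.1.5 dst=203.0.113.9 dport=443 bytes=900000",
    "2014-06-01T10:06:00Z src=10.1.1.7 dst=198.51.100.77 dport=4444 bytes=500",
    "2014-06-01T10:07:00Z src=10.1.1.7 dst=10.1.1.5 dport=3306 bytes=4000",
]

# Constructed enrichment sources: an asset inventory and an indicator list.
ASSET_INVENTORY = {"10.1.1.5": "workstation-finance", "10.1.1.7": "db-server"}
THREAT_INTEL = {"198.51.100.77": "constructed-indicator"}


def parse(line):
    """Parser stage: 'ts k=v k=v ...' -> dict, numeric fields as int."""
    ts, *pairs = line.split()
    record = {"ts": ts}
    for pair in pairs:
        key, value = pair.split("=", 1)
        record[key] = int(value) if value.isdigit() else value
    return record


def enrich(record):
    """Enrichment stage: attach asset role and indicator hit to the record."""
    record["src_asset"] = ASSET_INVENTORY.get(record["src"], "unknown")
    record["dst_intel"] = THREAT_INTEL.get(record["dst"])
    return record


# Rules-based alerting: each rule is (name, predicate over an enriched record).
RULES = [
    ("threat-intel-match", lambda r: r["dst_intel"] is not None),
    ("db-egress", lambda r: r["src_asset"].startswith("db-")
                            and not r["dst"].startswith("10.")),
]


def rule_alerts(record):
    """Return the names of every rule whose predicate holds for the record."""
    return [name for name, predicate in RULES if predicate(record)]


class ByteVolumeDetector:
    """Anomaly stage: per-source baseline of bytes; flag values far above it.

    A record is anomalous when bytes > mean + k * stdev of that source's
    history, once at least min_history records have been seen. The spread
    is floored at 1.0 so a perfectly flat history does not alert on jitter.
    """

    def __init__(self, k=3.0, min_history=5):
        self.k = k
        self.min_history = min_history
        self.history = defaultdict(list)

    def observe(self, record):
        hist = self.history[record["src"]]
        anomalous = False
        if len(hist) >= self.min_history:
            spread = max(statistics.stdev(hist), 1.0)
            anomalous = record["bytes"] > statistics.mean(hist) + self.k * spread
        hist.append(record["bytes"])
        return anomalous


def run_pipeline(lines, detector=None):
    """Run every line through all stages; return (ts, src, alert_name) tuples."""
    detector = detector or ByteVolumeDetector()
    alerts = []
    for line in lines:
        record = enrich(parse(line))
        for name in rule_alerts(record):
            alerts.append((record["ts"], record["src"], name))
        if detector.observe(record):
            alerts.append((record["ts"], record["src"], "byte-volume-anomaly"))
    return alerts


if __name__ == "__main__":
    for alert in run_pipeline(SAMPLE_TELEMETRY):
        print(*alert)
```

<p>Running the file prints one alert per line: the 900000-byte record is flagged by the baseline detector once five normal records have been seen for that source, and the record to the listed indicator trips both the indicator rule and the database-egress rule. The tuples returned by <code>run_pipeline</code> are the kind of records the indexing and alerting stages described above would carry on.</p>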
<h3>What do I need to run OpenSOC?</h3>
<ul>
<li>2 Network Capture Cards (Recommend Napatech NT20E2-CAP)</li>
<li>Apache Flume 1.4.0+</li>
<li>Apache Kafka 0.8.1+</li>
<li>Apache Storm 0.9+</li>
<li>Apache Hadoop 2.x (any distribution)</li>
<li>Apache Hive 12+ (13 recommended)</li>
<li>Apache HBase 0.94+</li>
<li>Elastic Search 1.1+</li>
<li>MySQL 5.6+</li>
</ul>
<h3>Components</h3>
<p>OpenSOC consists of the following repositories:</p>
<ul>
<li><b>OpenSOC-Streaming:</b> This repository contains topologies for processing, enriching, indexing, and
correlating telemetry messages, the PCAP reconstruction service, and various other data services. This module is
open source under the Apache 2.0 License. It is available on GitHub:
<a href="https://github.com/OpenSOC/opensoc-streaming">https://github.com/OpenSOC/opensoc-streaming</a>
</li>
<li><b>OpenSOC-UI:</b> UI for performing log and network packet analytics and for displaying alerts and errors. This module is
open source under the Apache 2.0 License. It is available on GitHub: <a href="https://github.com/OpenSOC/opensoc-ui">https://github.com/OpenSOC/opensoc-ui</a>
</li>
</ul>
<h3>Installation</h3>
<p>Instructions for obtaining OpenSOC can be found at the
project's <a href=
"https://github.com/OpenSOC/opensoc/wiki">
Primary Wiki</a>.</p>
</section>
</div>
<!--[if !IE]><script>fixScale(document);</script><![endif]-->
</body>
</html>