Open Source SIEM (Security Information and Event Management system).

LogESP

LogESP (c) 2018 Dan Persons | MIT License

Index

  • Introduction
  • Installing on Ubuntu
  • Screenshots

Asset Management Documentation

  • Asset Management

Risk Management Documentation

  • Adversarial Threats
    • Adversarial Threat Events
    • Adversarial Threat Sources
    • Vulnerabilities
    • Responses
    • Impacts
  • Non-Adversarial Threats
    • Non-Adversarial Threat Events
    • Non-Adversarial Threat Sources
    • Risk Conditions
    • Responses
    • Impacts

SIEM Documentation

  • Parsing
    • Parse Daemon
    • Event Parsing
      • Parsers
      • Parse Helpers
    • Configuration
  • Rules
    • Sentry Daemon
    • Limit Rules
      • Rule vs. Log Events
      • Filters
      • Match Lists
      • Reverse Matching
      • Magnitude Calculation
  • Events
    • Anatomy of a Log Event
    • Anatomy of a Rule Event
  • Daemons
  • Regex Tips

Introduction

LogESP is a SIEM (Security Information and Event Management system) written in Python on the Django framework. It has a web frontend and covers log management and forensics, risk management, and asset management.

Design Principles

Security

LogESP was designed and built as a security application, and it is kept deliberately minimal: fewer moving parts mean a smaller attack surface and less code to audit.

  • LogESP is built on the Python Django framework.
  • LogESP needs no credentials on, and installs no software on, the hosts it monitors. Getting events to LogESP is left entirely to each source's syslog daemon, so the SIEM itself holds no secrets that would grant access to the systems it watches.
  • The LogESP web interface uses no client-side scripting.
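
As an added example (not part of the LogESP documentation or code), the following rsyslog configuration shows what "forwarding is left to the syslog daemon" looks like on a monitored host. It assumes a LogESP collector reachable as `logesp.example.internal` on TCP 6514 and client certificates issued by a hypothetical internal CA; the hostname, port and file paths are all assumptions. TLS with peer-name verification and a disk-assisted queue are used because plain UDP syslog is unauthenticated, unencrypted, and silently drops events whenever the collector is unreachable.

```conf
# Forward every event from this host to the LogESP collector.
# Hostnames, port and certificate paths below are assumptions.

# Client-side TLS material (issued by an internal CA; paths assumed).
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/client-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/client-key.pem"
)

# TCP + TLS, verifying the collector's certificate name, with a
# disk-assisted queue so events survive a collector outage or a reboot
# instead of being dropped as they would be over plain UDP.
*.* action(
  type="omfwd"
  target="logesp.example.internal"
  port="6514"
  protocol="tcp"
  StreamDriver="gtls"
  StreamDriverMode="1"
  StreamDriverAuthMode="x509/name"
  StreamDriverPermittedPeers="logesp.example.internal"
  queue.type="LinkedList"
  queue.filename="logesp_fwd"
  queue.maxDiskSpace="1g"
  queue.saveOnShutdown="on"
  action.resumeRetryCount="-1"
)
```

Drop it into `/etc/rsyslog.d/` (path assumed), check it with `rsyslogd -N1`, then restart rsyslog. Nothing on the source host needs a LogESP account or any LogESP software; the only trust relationship is the TLS peer name, which is why it is pinned to the collector's certificate rather than left as an anonymous connection.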

NIST guidelines

The LogESP risk management system follows the NIST risk assessment guidelines (hence the split of adversarial and non-adversarial threat sources, threat events, vulnerabilities, responses, and impacts in the index above), and the SIEM and forensics apps are designed to support the NIST incident response and forensics guidelines.

Simplicity

LogESP embraces the Unix design philosophy: it is kept as simple as possible so that it is easy to understand, use, maintain, and extend.

Applications

LogESP is made up of three applications:

  • SIEM - Security Information and Event Management
  • Assets - Asset Management
  • Risk - Risk Management