Open Source SIEM (Security Information and Event Management system).
See README.md for documentation.
See the install documentation for recommendations on installing.
Requirements: Python 3.x, Django >= 2.0, pip.
Note: This installation is intended for development and for trying out the software. The built-in Django development web server is not recommended for real security operations environments.
wget https://github.com/dogoncouch/ldsi/archive/v0.1-alpha.tar.gz
Verify the SHA-256 checksum of the download before extracting it. The expected value for v0.1-alpha is:
ee9b47a733022979c9d2683676e85b63f2d0b55f7a00ea76ea711a7f072d7063 v0.1-alpha.tar.gz
sha256sum v0.1-alpha.tar.gz
tar -xzf v0.1-alpha.tar.gz
virtualenv -p python3 ldsi_env
source ldsi_env/bin/activate
pip install django
cd ldsi-0.1-alpha
make new-db
python manage.py runserver
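The download and checksum steps above are easy to get out of order by hand (extracting first, then checking). As an added example that is not part of ldsi, the helper below computes the digest, compares it with the expected value, and only extracts on a match; the function names and the `sha256sum`/`shasum` fallback are this example's own choices, not project conventions.

```shell
#!/bin/sh
# Verify a downloaded tarball against an expected SHA-256 before extracting.
# Added example, not part of ldsi; function names are hypothetical.

sha256_of() {
    # Print the hex digest of "$1", using sha256sum (coreutils) or shasum (BSD/macOS).
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

verify_sha256() {
    # Return 0 when the digest of file "$1" equals "$2" (hex, case-insensitive), else 1.
    actual=$(sha256_of "$1") || return 1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

fetch_and_verify() {
    # Download "$1" to "$2", verify it against digest "$3", and extract only on success.
    # On a mismatch the file is removed so a later manual "tar -xzf" cannot pick it up.
    url=$1; file=$2; expected=$3
    wget -q "$url" -O "$file" || return 1
    if verify_sha256 "$file" "$expected"; then
        tar -xzf "$file"
    else
        echo "checksum mismatch for $file; not extracting" >&2
        rm -f "$file"
        return 1
    fi
}

# Usage: ./verify_release.sh URL FILE EXPECTED_SHA256
if [ "$#" -eq 3 ]; then
    fetch_and_verify "$1" "$2" "$3"
fi
```

Run it with the release URL, the tarball name and the checksum from the install notes; a mismatch leaves nothing extracted and exits non-zero, which is the behaviour you want from any script that feeds into `make new-db`.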
The parser engine reads its configuration from config/parser.conf. To start the parser engine:
python manage.py shell -c "import daemons.parser.parsecore ; daemons.parser.parsecore.start()"
The parser needs to be restarted on changes to the config file.
To start the rule engine:
python manage.py shell -c "import daemons.sentry.sentrycore ; daemons.sentry.sentrycore.start()"
Each event carries two end-of-life (EOL) dates, one for the local copy and one for the backup copy. The cleaner can delete old events by either date. There are two options:
Delete by backup EOL (default):
python manage.py shell -c "import daemons.cleaner.clean ; daemons.cleaner.clean.clean()"
Delete by local EOL:
python manage.py shell -c "import daemons.cleaner.clean ; daemons.cleaner.clean.clean(local=True)"
Cleaning should be handled by a cron job.