User Behaviour Analytics

Get the updated code & documentation on XS code here

Our main development, and documentation branches are first pushed to our sponsorship repository, and then eventually pushed to our public free repository. To obtain the most updated code, and documentation for OpenUBA, subscribe to our XS Code repository.

https://cp.xscode.com/Tormorrow-SOC/OpenUB

Goals

To Build a lightweight, SIEM Agnostic, UEBA Framework focused on providing:

• Model Management
• Community-driven Model Library
• Model Versioning
• Dashboard
• Rule Storage/Management
• Case Management
• Peer-oriented/community intel
• Lightweight, SIEM-agnostic infrastructure
• Flexible/open dataset support

Components

• Model Client (optional)
• Model Server (Remote or Local)
• Transport Client
• User Inferface

Installation

Fork this repository (Click the Fork button in the top right of this page, click your Profile Image) Clone your fork down to your local machine

git clone https://github.com/your-username/UBA.git

1. Install pip3 if you don't have it already

    curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py"
    python3 get-pip.py     
    sudo python3 get-pip.py

2. Install the python dependencies

pip3 install requirements.txt

3. Install HADOOP and JDK
4. Configure Spark environment by running spark_env.sh

bash spark_env.sh 
OR
./spark_env.sh

5. Run the make file

make

6. Point your browser to localhost:3000 to view the UI and localhost:5000 for viewing the Flask app running